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Abstract 

Graph transformation systems (GTS) and constraint handling rules (CHR) are non- 
deterministic rule-based state transition systems. CHR is well-known for its powerful con- 
fluence and program equivalence analyses, for which we provide the basis in this work to 
apply them to GTS. We give a sound and complete embedding of GTS in CHR, investigate 
confluence of an embedded GTS, and provide a program equivalence analysis for GTS via 
the embedding. The results confirm the suitability of CHR-based program analyses for 
other formalisms embedded in CHR. 

KEYWORDS: Graph Transformation Systems, Constraint Handling Rules, Program Anal- 
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1 Introduction 



Graph transformation systems (GTS) are used to describe complex structures and 
systems in a concise, readable, and easily understandable way. They have ap- 
plications ranging from implementations of programming languages over model 



transformations to graph-based models of computation (Blostcin et al. 1995 Ehrig 



et al. 2006 ). Graph transformation systems see widespread use in many applications 



(Ehrig et al. 2006), and hence performing program analysis on them is becoming 



more important. 



Constraint handling rules (CHR) (Friihwirth 2009) on the other side allows 



for rapid prototyping of constraint-based algorithms. Besides constraint reasoning, 
CHR has been used for such diverse applications as type system design for Haskell 



(Sulzmann et al. 2006), time tabling (Abdennadher and Marte 20001, computa- 



tional linguistics (Dahl and Maharshak 20091, chip card verification (Pretschner 



et al. 2004), computational biology (Bavarian and Dahl 2006), and decision sup 



port for cancer diagnosis ( Barranco-Mendoza 2005). Essentially, CHR performs 
guarded multiset rewriting, extended by a complete and decidable constraint the- 
ory. A specific strength of CHR is the wide array of available program analyses. 
Other formalisms have been embedded in CHR in order to compare and mutually 
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Fig. 1. Confluence Property for rules r± and T2 




Fig. 2. Operational Equivalence for programs V\ and Vi 



benefit from different analysis approaches (cf. Section [6]). In this work, we extend 
this line of research by embedding graph transformation systems in CHR and com- 
paring confluence and operational equivalence analysis methods. 

First, we embed graph transformation systems in CHR (Raiser 2007) in Section[3] 
This encoding is intuitive and offers a clear one-to-one correspondence between GTS 
and CHR rules. Our proposed encoding characterizes a subset of CHR that closely 
corresponds to graph transformation systems, and furthermore we prove its sound- 
ness and completeness. Then, we show that CHR is capable of expressing infinite 
numbers of graphs, which we will call partial graphs, and their transformations in 
a finite way, thus facilitating program analysis. 

In non-deterministic rule-based systems, like GTS and CHR, two or more rules 
can be applied to a state a. An interesting property in that respect is the notion of 
confluence, which holds, if for any case in which two rules are applicable there exist 
computations yielding the same, or equivalent, results. This situation is displayed 
in Figure [l] which due to its shape is referred to as the diamond property. 

For terminating CHR programs a decidable automatic confluence test exists, 



based on research in the area of term-rewriting (Baader and Nipkow 1998). However 



as shown in (Plump 2005), an analogous approach fails for graph transformation 



systems. Therefore, confluence analysis is an important example for a program 
analysis of a GTS with methods from CHR. In Section[4]we show that the confluence 
test for CHR coincides with the strongest known sufficient criterion for confluence 
of a GTS ( |Raiser and Friihwirth 20"09b ). 

In Section [5] we examine operational equivalence ( Abdennadher and Friihwirth 



1999 ) as a second example of a program analysis that is available for CHR and can 
be applied to GTS. Operational equivalence, intuitively, decides if two programs 
can compute equivalent results when given the same input, as shown in Figure [2] 
The diamond shape in Figure [2] emphasizes the similarity to confluence, which is 
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also found in the respective program analysis methods. We introduce operational 



equivalence in the GTS context in analogy to CHR (Raiser and Friihwirth 2009a). 



Then, we prove that deciding operational equivalence of a CHR program, derived 
from a GTS, is a sufficient criterion for operational equivalence of the corresponding 
GTS. 

An interesting application of this result is the possibility to detect and remove re- 
dundant rules using the test for operational equivalence. Redundant rules of graph 



transformation systems have been formally defined in (Kreowski and Valiente 2000) 



however to the best of our knowledge, this is the first available algorithm for de- 
tecting them in a GTS. 

This work presents a unified treatment and considerable extension of previously 



published works (Raiser 2007 Raiser et al. 2009 Raiser 2009 Raiser and Friihwirth 



2009a Raiser and Friihwirth 2009b). In (Raiser et al. 2009) a formal treatment of 



CHR state equivalence is provided and, derived from that, a simplified formulation 
of the operational semantics of CHR. This novel formulation allows us to unify 
our previous works while simplifying presentation and formal proofs significantly. 



Furthermore, the state equivalence definition from ( Raiser et al. 2009 ) is the basis 
for new insights on CHR states that encode graphs. 



2 Preliminaries 

In this section we introduce the required formalisms for graph transformation sys- 
tems in Section |2.1| and constraint handling rules in Section |2.2| 



2.1 Graph Transformation System 

The following definitions for graphs and graph transformation systems (GTS) have 
been adapted from ( |Ehrig et al. 2006 ). 

Definition 2.1 {graph) 

A graph G = (V, E, src, tgt) consists of a finite set V of nodes, a finite set E of 
edges and two functions src, tgt : E — > V specifying source and target of an edge, 
respectively. A type graph TG is a graph with unique labels for all nodes and edges. 

For simplicity, we avoid an additional label function in favor of identifying variable 
names with labels. For multiple graphs we refer to the node set V of a graph G as Vc 
and analogously for edge sets and the src, tgt functions. We further define the degree 
of a node as deg : V -> N, v H> #{e E E | src(e) = v} + #{e E E | tgt(e) = v}. As 
there may be multiple graphs containing the same node, we use deg G (v) to specify 
the degree of a node v with respect to the graph G. When the context graph is 
clear the subscript is omitted. 

In this work, we consider typed graphs, i.e. graphs in which nodes and edges are 
assigned types from a type graph. 

Definition 2.2 [graph morphism, typed graph) 
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Fig. 3. Example of a type graph and typed graph 



Given graphs Gi,G 2 with Gi = (Vi, Ei, src^, tgtj) for i = 1,2 a graph morphism 
f : Gi — > G-2,f = (fy,f E ) consists of two functions fy : V\ — > V 2 and f E : 
Ei — > E 2 that preserve the source target functions, i.e. fy o srci = src2 of E and 

fy Otgti = tgt 2 o/ E . 

A graph morphism / is injective (or surjective) if both functions fv,fE are 
injective (or surjective, respectively); / is called isomorphic if it is bijective. / is 
called an inclusion if fv{V\) C V\ and fE(Ei) C E^. When the context is clear, we 
simply refer to graph morphisms as morphisms. 

A typed graph G is a tuple (V, E, src, tgt, type, TG) where (V, E, src, tgt) is a 
graph, TG a type graph, and type a graph morphism with type = (typey, type B ) 
and type v : V TGv^type^ : E — > TGe- 

For a typed graph G = (V, E, src, tgt, type, TG) we define a subgraph H as a 
typed graph (V, S', src', tgt', type', TG) such that V C VA£' C £ A src' = src | E / 
A tgt' = tgt |b' Atypc'y = type v |y Atypc'^ = typc B \e> with Ve 6 -E'.src'(e) € 
V Atgt'(e) e V. 

Example 2.1 

Figure [3] shows an example for a type graph and a corresponding typed graph. 
The type graph at the top defines two types of nodes: processes and resources. 
Furthermore, it defines use edges going from processes to resources. The typed 
graph is one possible instance of a graph modeling processes and resources being 
used by those processes. The type graph morphism is represented by the dotted 
lines, showing how the nodes are typed as processes or resources, respectively. 

Definition 2.3 (GTS, rule) 

A Graph Transformation System (GTS) is a tuple consisting of a type graph and 
a set of graph production rules. A graph production rule - simply called rule if the 

l T 

context is clear - is a tuple p = (L <— K — > R) of graphs L, K, and R with inclusion 
morphisms I : K — > L and r : K — > R. 
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Fig. 4. Double-pushout approach 



We distinguish two kinds of typed graphs: rule graphs and host graphs. Rule 
graphs are the graphs L,K,R of a graph production rule p and host graphs are 
graphs to which the graph production rules are applied. This work is based on the 



double-pushout approach (DPO) as defined in ( |Ehrig et al. 2006 ). Most notably. 



we require a match morphism m : L — > G to apply a rule p to a typed host 
graph G. The transformation yielding the typed graph H is written as G H. 
H is given mathematically by constructing D as shown in Figure |4j such that (1) 
and (2) are pushouts in the category of typed graphs. Intuitively, the graph L 
is matched to a subgraph of G and its occurrence in G is then replaced by the 
graph R. The intermediate graph K is the context graph, which contains the nodes 
and edges in both L and R, i.e. all nodes and edges matched to K remain during 
the transformation. 

A graph production rule p can only be applied to a host graph G if the following 



gluing condition is satisfied. In fact, (Ehrig et al. 2006) shows, that D and the 



pushout (1) exist if and only if this gluing condition is satisfied. It is based on the 



following three sets (Ehrig et al. 20061: 



• gluing points: GP = l(K) 

• identification points: IP = {v G Vl | 3w G Vl,w ^ v : m(v) — m(w)} U {e G 
E L \3feE L ,e^f:m(e)=m(f)} 

• dangling points: DP = {v G Vl | 3e G Eq \ m{Ei) ■ srcc(e) = m(v) V 
tgtcle) = m ( v )} 

Definition 2.4 (gluing condition) 

The gluing condition is defined as IP U DP C GP. 

If the gluing condition is satisfied for a rule p = (L <— K ^> R) the application of 
the rule consists of transforming G into H by performing the construction described 
above. An implementation-oriented interpretation of a rule application is that all 
nodes and edges in m(L \ 1{K)) are removed from G to create D = (G \ m(L)) U 
m(l(K)) and then all nodes and edges in n(R \ r(K)) are added to create H = 
DUn(R\r(K)). 

Example 2.2 

Figure [5] shows two graph production rules in a shorthand notation that defines 
the morphisms I and r implicitly by the labels of the nodes which are mapped onto 
each other. The resulting graph transformation system is implicitly defined over the 
simple type graph consisting only of a single node with a loop, depicted in Figure [6] 
The two rules constitute a graph transformation system for detecting cyclic lists. 
The basic idea of the unlink rule is to remove intermediate nodes of the list, while 
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unlink: 




Fig. 5. Graph transformation system for recognizing cyclic lists 

o 

Fig. 6. Simple type graph consisting of a node and edge 



the twoloop rule replaces the cyclic list consisting of two nodes by a single node 
with a loop. Note that application of the twoloop rule requires that no additional 
edges are adjacent to the removed node. Such dangling edges are discussed in more 
detail in Section [3] 

To detect if a host graph is a cyclic list, the GTS is applied to the host graph 
until exhaustion, i.e. until no rule is applicable anymore. The initial host graph 
then is a cyclic list if and only if the final graph consists of a single node with a 
loop (cf. ( |Bakewell et al. 2003[ )). 



In general, the match morphism m can be non-injective. However, for the re- 
mainder of this work we only consider injective match morphisms, which have the 
advantage that the set IP of identification points is guaranteed to be 0. Further- 
more, non-injective match morphisms can be simulated as follows: given a rule p = 

l T 

[L <— K R) and a non-injective match morphism m it holds Vw, w £ Vl , v ^ w 
with m(v) = m(w) that the rule is only applicable, if v, w € 1(Vk), i.e. only nodes 
which are not removed by the rule application are allowed to be matched non- 
injectively - otherwise IP % GP. Therefore, it is possible to add another rule p' 
which is derived from p by merging the nodes v and w into a node v w in all three 
graphs of the rule. Thus, the non-injective matching with m(v) = m(w) can be 
simulated by injectively matching v w to m{v w ) where m(v w ) is the same node in G 
as m(v). The same argumentation holds for edges, analogously. Therefore, we can 
restrict ourselves to injective match morphisms by extending the set of rules with 
new rules for all possible merges of nodes and edges in the graph K. This simplifies 
the generic gluing condition to DP C GP. 



Finally, we require the following definition of the track morphism (Plump 1995). 
Intuitively, the track morphism is defined for a node or edge, if it is not removed 
by the rule application. 



Definition 2.5 {track morphism) 

Given G =>■ H the track morphism txc^-H '■ G — > H is the partial graph morphism 
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defined by 

tr G H (x) = [ 9{rl{x)) iixef W> 
^ \ undefined otherwise. 

Here / : D — > G and g : D — > H are the morphisms in the lower row of the 
pushout (1) in Figure [I] and f^ 1 : f(D) —> D maps each item f(x) to x. 

The track morphism of a derivation A : Go =>* G n is defined by tr& = idc 
if n = and tr^ = trQ x ^*Q n o tTQ ^Q 1 otherwise, where id<3 is the identity 
morphism on G . 



2.2 Constraint Handling Rules 

This section presents the syntax and operational semantics of Constraint Handling 



Rules (CHR) (Sneyers et al. 2009 Friihwirth 2009). Constraints are hrst-order 



predicates which we separate into built-in constraints and user-defined constraints. 
Built-in constraints are provided by the constraint solver while user-defined con- 
straints are defined by a CHR program. The notation c/n, where c is called the 
constraint symbol and n the arity, is used for both types of constraints. 

Its semantics is based on an underlying complete constraint theory CT on built-in 
constraints for which satisfiability and entailment are decidable. In general, CHR 
allows arbitrary constraint theories for CT, requiring only that it contains at least 
Clark's equality theory for syntactic equality. In addition to that, in this work we 
also require CT to cover the elementary arithmetic operations + and — . Further- 
more, T denotes the built-in which is always true and _L denotes false, respectively. 



The survey (Sneyers et al. 2009) provides an overview over the different techniques 



used in CHR implementations and the book (Friihwirth 2009) details the different 



available operational semantics for CHR. In this work we abstract from specific 



implementations and rely on the operational semantics given in (Raiser et al. 2009 1, 
which corresponds to the very abstract operational semantics in ( Friihwirth 2009 ) . 

CHR is a state transition system over the set of states given in the following 
definition. 

Definition 2.6 {CHR states) 
A ( CHR ) state is a tuple 

(G,B,V). 

& is a multiset of user-defined constraints called the goal (or (user- defined) con- 
straint store), B is a conjunction of built-in constraints called the built-in (con- 
straint) store, and V is the set of global variables. 

In this work tr, r, . . . denote CHR states and E denotes the set of all CHR states. 

The following definition introduces the different types of variables we distinguish 
for a given CHR state. 

Definition 2. 7 ( Variable Types) 

For the variables occurring in a state a — (G,B,V) we distinguish three different 
types: 
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1. a variable v € V is called a global variable 

2. a variable w ^ V is called a local variable 

3. a variable »^(¥U vars(G)) is called a strictly local variable 



The following equivalence relation = between CHR states ( Raiser et al. 2009 1 is 
an important tool that facilitates a succinct definition of the operational semantics 
of CHR and simplifies proofs. 

Definition 2.8 {State Equivalence) 

Equivalence between CHR states is the smallest equivalence relation = over CHR 
states that satisfies the following conditions: 

1. (Substitution) 

(G,x = t M,V) = (G [x/t],x = tAM,V) 

2. (Transformation of the Constraint Store) If CT \= 3sM O 3s' .B' where s, s' 
are the strictly local variables of B,B', respectively, then: 

(G,B,V) = (G,B',V) 

3. (Omission of Non-Occurring Global Variables) If X is a variable that does 
not occur in G or B then: 

(G,B,{X}U¥) = (G,B,V> 

4. (Equivalence of Failed States) 

(G,_L,V> = (G',_L,V) 
The following lemma presents basic properties of this equivalence relation: 



Lemma 1 {Properties of State Equivalence (Raiser et al. 200Sty ) 



The equivalence relation over CHR states, given in Definition |2.8| has the following 
properties: 

1. (Renaming of Local Variables) Let x,y be variables such that x,y ^ V and y 
does not occur in G or B: 

(G,B,V) = (G [x/y],M[x/y],W) 

2. (Partial Substitution) Let G [x 1 1] be a multiset where some occurrences of x 
are substituted with t: 

(G, x = t A B, V) = (G [x 1 1) , x = t A B, V) 

3. (Logical Equivalence) If 

(G,B,V> = (G',B',V'> 

then CT |= 3y.G A B -f-> By' .G' A B', where y, y' are the local variables of 
(G,B, V), (G',B', V), respectively. 



Decidability of state equivalence is a result of the following theorem from ( Raiser 
et al. 20091): 
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Theorem 2 (Criterion for = (Raiser et al. 2009)) 



Let a = (G,B,V),<t' = (G',B',V) be CHR states with local variables y,y' that 
have been renamed apart. 

a = a' iff CT h V(B -> 3y'.((G = G') A B')) A V(B' -> 3y.((G = G') A B)) 

As CHR is a rule-based programming language we now introduce the different 
types of possible CHR rules. 

Definition 2.9 (CHR Rules, CHR Program) 

For multisets Hi,H2, B c of user-defined constraints with Hi,H 2 ^ and conjunc- 
tions G, Bb of built-in constraints a CHR simpagation rule is of the form 

H 1 \H 2 <^ G | B c ,B b . 

For the case Hi = we call the rule a simplification rule and denote it as 

H2 G I B c , Bb 

and for the case Hi — we call the rule a propagation rule and denote it as 

Hx =£■ G I B c , 

If G = T it can be omitted together with the ' |'. 
A Cfffl program is a set of CHR rules. 

Next, we define the operational semantics of CHR by introducing its transition 



relation >— > based on the formulation given in (Raiser et al. 20091, which relies 
on equivalence classes of CHR states. In the remainder of this work we take the 
liberty of notationally identifying a CHR state a with its equivalence class [a]. 
Furthermore, we simplify multiset expressions like {a} tfcl {6} to a tfcl b or a, b. 

Definition 2.10 (Operational Semantics) 

For a CHR program V we define the state transition system (S/=, >— ►) as follows. 
The application of a rule r £ V assumes a copy of it that contains only fresh 
variables. 

r @ Hx\H 2 ^G\B C , B b 

[{HiUH 2 tfcl G, GAB, V}] >-» [{ffiW5 c WG,GAB 6 Al,¥)] 
Simplification rules are only syntactically different, but operate as described by 



Definition 2.10 with Hi = 0, respectively. Note that propagation rules lead to trivial 
non-termination in this formulation, however that is no problem here, because the 
work at hand requires no propagation rules. 

A rule r € V is applicable to a state a if and only if there exists a state r such 
that er s— ► r. We say that a state a is final if and only if there exists no state r with 
a 1 — > t. As usual, ^->* denotes the reflexive-transitive closure of >— ». When we want 
to emphasize that a transition uses a specific rule r we denote this by >— > r . When 
discussing multiple programs, >— >p denotes a transition using a rule of program V. 
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Example 2.3 (Example Computation) 

In this comprehensive example, we present a complete computation in CHR. Read- 
ers already familiar with CHR may want to skip this. 

The following rule ( Friihwirth 2009 ) is a program for computing the minimum of 
a multiset of numbers: 

mm(N)\ min(M) N < M | T 

Intuitively, two min constraints are matched and the one with the larger number 
is removed. We will now walk through the detailed computation of running the 
following input a on the above program, in order to determine the minimum of the 
numbers 1, 3, and 4: 

a = (min(l) W min(3) W min(X), X = 4, {X}) 

First, we take a fresh copy of the rule as demanded by Definition |2.10| 

min(iVi)\ min(Mi) ^ Ni < M x | T 



Next, we apply Definition |2.8| in order to show that a is contained in the equiv- 
alence class required for applying this rule (we use V = {X} here): 

CT 

a = (min(l) l±l min(3) I±J min(X), iVi < M\ AX = 4AiVi = lA M\ = 3, V) 

S = St (min(iVi) 1+1 min(Afi) l±J min(X), N x <M 1 AX = 4AN 1 = lA M x = 3, V) 
= (min(iVi) i±J min(Mi) ttl G, iVi < M x A B, V) 

Hence, all conditions for Definition |2.10| are satisfied, so we can apply the rule to 
the equivalence class of a, getting a >— » r, or more precisely, [a] >— > [r]: 

a >-> (min(7V 1 ) l±l G, iV x < M x A T A B, V) 

(miii(JVi) W min(X), iVi < Mi ATAX = 4AiVi = lA Mi = 3, V) 

S, i st (min(l) t+J min(X), iV x < M x A T A X = 4 A iV x = 1 A M x = 3, V) 

CT 

= (min(l) Wmin(X),X =4,V) =r 

Next, we repeat this procedure for another application of the above rule, based 
on the following fresh copy: 

min(iV2)\ mm(M 2 ) ^ N 2 < M 2 \ T 

This results in the expected answer, that 1 is the minimum of the numbers 1, 3, 
and 4: 

CT 

r = (min(l) l±J min(X), iV 2 < M 2 A iV 2 = 1 A M 2 = X A X = 4, V) 



Subst 



Subst 
CT 



(min(7V 2 ) I±J min(M 2 ), A^ 2 < M 2 A iV 2 = 1 A M 2 = X A X = 4, 
(min(7V 2 ), iV 2 < M 2 A T A iV 2 = 1 A M 2 = X A X = 4, V) 

(min(l), iV 2 < M 2 A T A N 2 = 1 A M 2 = X A X = 4, V) 

(min(l),X = 4,V) 



We can also witness the difference between global and local variables in this 
computation. While the variable X is no longer used in a CHR constraint in the 
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final state, we still have to keep track of the information X = 4, because it is a 
global variable. The auxiliary variables Ni,Mi, . . . instead, are local when used in a 
CHR constraint and strictly local, when only occurring in the built-in store. In the 
latter case we may replace the built-in store by a logically equivalent representation 
that removes the strictly local variables. 



3 Embedding GTS in CHR 

In this section we encode rules of a graph transformation system as CHR rules and 
discuss how host graphs are encoded in CHR to work with these rules. Section [3~T] 
defines the necessary encoding and presents an example computation in CHR. We 
then analyze formal properties of graph transformation systems embedded in CHR 
in Section |3.2| Finally, Section |3.3| discusses the suitability of this encoding for 
program analysis and variations of the encoding. 

In this work, we assume that the CHR programs resulting from encoding a GTS 
are executed only with encodings of graphs. Naturally, we may provide the CHR 
programs with completely different inputs or inconsistently encoded graphs. It is 
clear, that we cannot expect any meaningful results from such computations, hence, 
for the remainder of this work we restrict all observations to programs and states 



that correspond to GTS and graphs. We formalize this restriction in Section 3.2 by 
means of an invariant. Therefore, on one hand any state that violates the invariant 
will not be considered as input, and on the other hand any graph can be encoded 
into a state that satisfies the invariant. We show in Section [3.2.21 that execution of 
the encoded GTS in CHR for invariant-satisying states always leads to results that 
also satisfy the invariant. In other words, when providing a graph as input to the 
CHR program, the result will also be a graph, as is to be expected. 



3.1 CHR Encoding of a GTS 

First, we determine the necessary constraint symbols for encoding rule and host 
graphs. At this point we require the GTS to be typed, so this can be directly 
inferred from the corresponding type graph as explained in Definition |3.1| Note 
that this is not a restriction though, as every untyped graph can be typed over the 
type graph consisting of a single node with a loop (cf . Figure [6]) . 

Definition 3.1 {type graph encoding) 

For a type graph TG we define the set C of required constraint symbols to encode 
graphs typed over TG as the minimal set satisfying: 

• If v G Vtg then v/2 G C. 

• If e G E TG then e/3 G C. 

We assume that all constraints introduced by Definition |3 . 1 1 have unique names. 
Furthermore, for graphs to be encoded with these constraints, we associate elements 
of the set V of nodes with integer numbers or letters that can be used as arguments. 
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Fig. 7. Cyclic graph consisting of two nodes 
Definition 3.2 [typed graph encoding) 

We define the following helpful mappings for an infinite set of variables VARS: 

• type G (x) denotes the corresponding constraint symbol for encoding a node 
or edge of the given type. 

• var : G — > VARS, x > X x such that X x is a unique variable associated to x, 
i.e. var is injective for X being the set of all graph nodes and edges. 

• dvar : G — > VARS, a; i-> X x such that X x is a unique variable associated to 
x, i.e. dvar is injective for X being the set of all graph nodes and edges and 
different from var. 

Using these mappings we define the following encoding of graphs: 

!type G (a;)(var(x),deg G (a;)) if ieVgA£ = ground 

type G (a;)(var(:r), dvar (a;)) if x £ V G A E = keep 

type G (x)(var(x), var(src(x)), var(tgt(ir))) if x £ Eg 

We use the notations chr(ground, G) = {chr G (ground, x) \ x £ G} as well as 
crir(keep, G) = {chr G (keep, x) \ x £ G}. Furthermore, we omit the index G if the 
context is clear. We call dvar(i;) the degree variable for a node v. 

A host graph G is encoded in CHR as ( chr (ground, G), T,V), where V can be 
chosen freely. 

Example 3.1 (cont) 

For our example of the GTS for recognizing cyclic lists we assume the type graph 
in Figure [6j Based on this type graph we need the constraints node /2 and edge /3. 
The host graph G given in Figure [7] that contains a cyclic list consisting of exactly 
two nodes is encoded in chr(ground, G) as: 

node(A^i, 2), node(A 2 , 2), edge(£i, N lt N 2 ), edge(£ 2 , N 2l N 1 ) 

The same graph G encoded in chr(keep, G) has the following form: 

node( Ai ,D X ), node( N 2 ,D 2 ), edge(E 1 ,N U N 2 ), edge(E 2 , N 2 ,N 1 ) 

We can now encode a complete graph production rule based on these definitions: 

Definition 3.3 {GTS rule m CHR) 

l T 

For a graph production rule p = (L 4— K — > R) from a GTS we define g(p) = 
{p@C L & C% C b R ) with 

• Cl = {chri(keep, x) \ x £ K} l+l {chr^ (ground, x) \ x £ L \ K} 

• Cx = {chr fl (ground, x) \ x € R \ K} t±J {chr i j(keep, e) | e £ E K } 
W{chr fl (keep,w') \ v £ V K } 
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Fig. 8. Graph with a dangling edge if node 2 is removed by the twoloop rule 



• C b R = {var(i>) = var(u') A dvar(w') = dvar(v)— &eg L (v)+ Aeg R (v) \ v £ Vk} 

A CHR program that is created from a GTS according to the above definition, 
will be referred to as a GTS-CHR program for the remainder of this work. 

Example 3.2 (cont.) 

As an example, consider the second rule from Example 2.2 which reduces two cyclic 
nodes to a single node with a loop. Its encoding as a CHR simplification rule is 
given below: 

twoloop @ node(Ai, D x ) l±l node(A 2 , 2)1+1 

edge(£d, N u N 2 ) W edge(£ 2 , N 2 ,N X ) 

node(A(, D[) W edge(£ 3 , N^Nx), N{ — N x A D[ = D x -2+2 
Note that it is also possible to simplify this encoding, as explained later in Sec- 
tion [3321 



When applying a GTS rule the gluing condition has to be satisfied. Due to our 
restriction to injective match morphisms, the gluing condition is violated if there 
exists x £ DP with x £ GP. Intuitively, when a node gets deleted by a rule, the 
corresponding node in the host graph may have an edge adjacent to it which is 
not explicitly given in the rule. In such a case, the remaining edge would be left 
dangling as it is no longer adjacent to two nodes. Therefore, this situation has to 
be avoided and before a rule is applied to a host graph, we first have to ensure that 
there are no dangling edges according to the following definition: 

Definition 3.4 (dangling edge) 

A dangling edge is an edge e £ Eq \ m(Ei) such that there is a node v £ Vl \ Vk 
with m(v) = src(e) V m(y) — tgt(e). 



Example 3.3 (cont.) 

Consider the twoloop rule given in Example |3.2| along with the following encoded 
host graph shown in Figure [8} 

node(V r i, 2), nodc(V 2 , 3), node(V 3 , 1), 

edge^x, V U V 2 ), edge(E 2 , V 2 ,V X ), edge(£ 3 , V 2 , V 3 ) 

Applying the twoloop rule to this graph to remove the node V 2 would leave the 
edge E 3 dangling. However, this is avoided as the encoding of the twoloop rule 
contains the following constraint in its head: node(_/V 2 , 2). Hence, only a node with 
a degree of exactly 2 can be removed by this rule. Nevertheless, the rule can be 
applied with N 2 = V\ as the node V\ has the required degree of 2. 
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Fig. 9. Example computation 



3.1.1 Example Computation 

In this section we provide a complete computation for our cyclic list example to 
demonstrate how our encoding works. The following two rules are the CHR encoding 
of the rules in Figure [5j 



unlink @ node(A r i, D{) 1+1 node(JV, 2) l±J node(JV 2j D 2 p 
edge(£?i, N u N) l+J edge(-E 2) N, N 2 ) 

node(N{,D[) l+J node(i\^, Z> 2 ) W edge(£, Ni, N 2 ), 

N[ — Ni A N 2 — N 2 A D[ = Di+l-l A D' 2 — D 2 +l-l 

twoloop @ node(iVi, D x ) l+J node(7V, 2)1+1 

edge(£i,iVi,iV) W edge (£2, iVi) 

node(7V{ , l+J edge(£, Nt,Ni), 
N{ = N 1 AD' 1 = L»i+2-2 



The following state cr encodes a cycle consisting of three nodes. The following 
computation is depicted in Figure [9j To demonstrate computations on partially 
defined graphs, further discussed in Section 3J3 the degree of the third node is left 
uninstantiated: 

a = (node(iVi, 2) l+J node(iV 2 , 2) l+J node(iV 3 , D 3 ) 1+1 
edge(£i, Ni, N 2 ) W edge(E 2l N 2 , N 3 ) W edge(£ 3 , N 3 , N{), 
T,{N U N 2 ,N 3 ,E 1: E 2 ,E 3 ,D 3 }} 

Rule unlink is applied to state a resulting in the state 

(node(N' 1 ,D' 1 )iSnode(N^D' 3 )\±ledge(E,N 1 ,N 3 )Hledge(E 3 ,N 3 ,N 1 ), 
N[=N 1 A D[ = 2+1-1 A N 3 — N 3 A D 3 = D 3 +l-l, {N U N 2 ,N 3 , E 1: E 2 ,E 3 , D 3 }) 

which is equivalent to state a': 

a' = (node(N 1 ,2)i£node(N 3 ,D 3 )\Sedge(E,N 1 ,N 3 )^edge(E 3 ,N 3 ,Ni), 
T,{N U N 3 ,E 3 ,D 3 }) 

Finally, rule twoloop is applied to a' to remove node Ni, resulting in a": 
a" = {node(N 3 ,D 3 )Uedge{E',N 3 ,N 3 ),T,{N 3 ,D 3 }) 

As can be seen the built-in store may contain a chain of degree adjustments 
for nodes with initially uninstantiated degree, although in this example it is not 
the case as all degrees remain unchanged. The other interesting consequences of 
partially uninstantiated encodings are investigated more thoroughly in Section [373] 
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3.2 Formal Properties 

This section examines formal properties of the encoding given in Section [3. 1| First, 



Section 3.2.1 analyzes the special CHR states found when working with a GTS- 



CHR program. Then we prove soundness and completeness of the encoding in Sec- 
tion 13X2 

Our encoding is based on the assumption that the resulting CHR programs are 
executed only for initial states that correspond to graphs. We are not interested in 
executions for arbitrary CHR states. 



3.2.1 States Encoding Graphs 

In this section we compare the different equivalence notions, i.e. graph isomorphism 
and CHR state equivalence, and present a formal characterization of a CHR state a 
that is the encoding of a graph G. 

In order to determine if a CHR state encodes a graph, we define a predicate that 
holds if and only if this is the case. It is intuitively clear, that starting with the 
encoding of a graph and transforming it via a graph transformation rule yields the 
encoding of a graph again. Formally, this is an invariant according to the following 



definition. The hrst appearance of invariants in CHR research is found in (Lam and 



Sulzmann 2006 ) in the context of agent programming. 
Definition 3.5 [Invariant) 

An invariant X is a predicate such that for all ctq and o\ , we have that if ero >— * ""l 
(or (To = <Ti) and T(o~o) then X{u\). 

The definition below introduces our desired property for CHR states. Note that 
it is referred to as an invariant here, although we do not require it to be an invariant 
throughout this section. In Section 3.2.2 more precisely Corollary [6j we will show 
that it is indeed a proper invariant. 

Definition 3.6 [Graph Invariant) 

Let a = (G, B c A B a , V) be a state where B c are constraints of the form X = c for 
constants c and B Q are constraints of the form X = Y+C1—C2 for constants Ci,c 2 . 

The graph invariant Q holds for state a if and only if there exists a graph G and 
a conjunction B of equality constraints of the form X = c for a variable X and 
constant c, such that 

(G, B c A B a A B, 0) = (chr(ground, G), T, 0) 

For a state a for which Q (a) holds with a graph G we say a is a Q-state based on G. 

Example 3.4 



Consider again the final state a" from the example computation in Section 3.1.1 

a" = (node(N 3 ,D 3 )\±)edge(E',N 3 ,N 3 ),T,{N 3 ,D 3 }) 

By using the equality constraint B = (D 3 = 2) the resulting state for Defini- 
tion [3]6] is equivalent to: 

(node(7V 3 , 2) W edge(£', N 3 , N 3 ),T, 0) 
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Let G be the graph consisting of a node v with a loop, then chr(ground, G) = 
node(iV„, 2) l±) edge(iS, N v , N v ). Therefore, the invariant Q is satisfied for the above 
state a" as the corresponding states are equivalent by renaming of local variables. 

This example further shows why the variable set V is disregarded for the two 
states. The variable given by var for a node of the graph has to coincide with the 
corresponding global variable for both states to be equivalent. Hence, for the above 
graph with node v, knowledge of the state a" would be necessary to determine 
that var(w) = N 3 . Omitting global variables from both states, however, allows us 
to freely map v to any variable through var(w). 



Example 3.5 

For the state a = (chr(keep, G), T, V) there clearly exists such a graph G, for which 
B simply assigns the corresponding degree variables. States may also be in-between 
chr(ground, G) and chr(keep, G) in the sense that only some of the degree variables 
are instantiated, resulting in a state a' = (chr(keep, G),B C , V) with B c being the 
corresponding equality constraints. By instantiating the remaining degrees it is clear 
that g(a') holds. 

Note that arithmetic built-in constraints, introduced by bodies of rules in order 
to adjust a node's degree, are covered by the above graph invariant definition: The 
introduction of the corresponding degree equality constraint leads to a collapse of 
the chain of arithmetic constraints. Hence, the concept of a G-st&te based on G 
also applies to intermediate computation states, which gives rise to the following 
lemma. 

Lemma 3 {Graph States) 

Let Q{<j) hold for a state a, then there exists a graph G such that 

a = (chr(keep, G),B C A B Q , V) 

• B c is a conjunction of dvar(u) = deg G (u) constraints 

• B a is a conjunction of dvar(u') = dvar(u)+ci— C2 constraints 



Proof 

Let cr = (G,B C A B a ,V), then by Def. [3^6] we have that (G,B C A B a A B, 0) = 
(chr(ground, G), T, 0) for a graph G and X = k constraints B. 

W.l.o.g. all identifier variables occurring in chr(ground, G) (and therefore in 
chr(keep, G)) also occur in <G as identifier variables. Due to the state equivalence 
the difference between G and chr(keep, G) can then only consist in G specifying 
some node degrees by constants (for degree variables we can again assume that they 
are the same as in chr(keep, G)). 

Let O be a conjunction of equality constraints of the form X = c for each degree 
specified explicitly in G, using fresh variables for X. Interpreting as a substitution, 
replacing X with c for each of the equivalences, we have that 



g= (chr(keep, G)9,B C A B a , V). 



Analyzing GTS through CHR 



17 



As all variables occurring in are local, we get by Def. |2.8| 

CT 

a = (chr(keep,G)6,B c AB A0,V) 

Sl i st (chr(keep,G),B c AB Q A6,V) 
(chr(keep, G),M' C A B Q , V) 

□ 

The reverse direction of Lemma [3] does not hold in general: The state a = (0, D = 
0Al = lAfl = X+2~ 0, 0) satisfies the conditions for an empty graph G, but of 
course Q(a) does not hold, as (0, _L, 0) ^ (0,T,0). 

The following lemma presents an interesting fact of the correspondence between 
state equivalence and graph isomorphism: equivalent CHR states encoding two 
graphs imply that these graphs are isomorphic. 

Lemma 4 (Equivalent Q -states imply Graph Isomorphism) 

Given a state cri = (chr(keep, Gi),Bi, V), a C?-state based on Gi, and a state 
(T 2 = (chr(keep, G2),B 2 , V), a (/-state based on G2, then 

0"1 = 0"2 Gi ~ G2 

Proof 

First, we note that Bi,B2 consist only of degree equalities or adjustments. There- 
fore, we consider the following states instead, which are already sufficient to imply 
the isomorphism: 

(chr(kccp,Gi),T,V) = (chr(keep,G 2 ),T,V) 

W.l.o.g. let the local variables occurring in the two states be disjoint (it is clear that 
otherwise we can consider equivalent states that only differ by renaming of local 
variables and that these states all provide corresponding graph isomorphisms). 

Let j/i and y 2 be the set of local variables of the two states. We can then apply 
the criterion from Thm. [2] to get 

CT |= 3yi.chr(keep, Gi) = chr(keep, G2). 

As there are only variable terms contained in this equivalence we have the following 
conclusion, where c(t) is any constraint with argument terms, i.e. variables, t. 

3/ : f/i -> j/2 with c(t) £ chr(keep,Gi) -> c(f(t)) e chr(keep, G 2 ) 

We know that / is surjective (as the variables are disjoint and the above equality 
demands that at least one variable from j/i is mapped to each variable in y 2 ). A 
consequence of this is that \yi\ > \y 2 \- 

Analogously, we get from CT \= 3y 2 -chr(keep, G\) — chr(keep, G 2 ) that |y 2 | > 
|j/i|, and hence, | |7x | = \Vi\- From this follows that / is also injective, and therefore, 
bijective. 

Next we realize, that by the above equality, / has to map local variables corre- 
sponding to node identifiers to local variables that also correspond to node identi- 
fiers. Let y n i C y~i,y n 2 C 2/2 be the local variables used for node identifiers, then 
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/' : Uni ~~ ^ VniiV i-> f(y) is a well-defined and bijective function. We use this to 
define the actual graph isomorphism function g : Vg x ~ > Vg 2 : 

. , J" ti if var(w) e V 

1 u' if var(v) € y nl and /'(var(u)) = var(V) 

g is well-defined: for every node there is a corresponding node identifier variable 
and it has to be either global or local. If it is local, then /' has to map it to another 
local variable, as otherwise the = relation cannot hold. Furthermore, g is bijective 
as well, because it is defined bijectively via /' on local variables and the identity 
function on global variables. 

Finally, g is a graph isomorphism: By the above equality we have corresponding 
pairs of edge constraints. For every edge adjacent to a node given by a global 
variable, the corresponding edge has to be adjacent to the same node with the same 
global variable in order to satisfy =. If the edge is adjacent to a node identified by 
a local variable, then this variable is bijectively mapped to another local variable 
and the above equality ensures that the corresponding edge is adjacent to the same 
node as well. □ 

The reverse direction of Lemma [4] cannot hold in general: The encoding of the 
graphs Gi and G2 are independent from determining the set V of global variables. 
Even a graph consisting of a single node only can be encoded in two ways, such 
that the states are not equivalent: 

(node(7V, 0), T, 0) ^ (node(7V, 0), T, {N}) 

As indicated in Section |3.1.1[ states may contain node encodings with a variable 
degree. As these states are fundamental for program analysis the following definition 
characterizes the set of these nodes. 

Definition 3.7 (Strong Nodes) 

For a CHR state a = (chr(keep, G),B, V) which is a C/-state based on G we define 
the set of strong nodes as: 

S(a) = {v eV G \ dvar(w) = deg G (w) g B} 

The effect of strong nodes on computations and their use in program analysis is 
discussed in detail in Section [331 

3.2.2 Soundness and Completeness 

In this section, we prove soundness and completeness of our embedding. That Q 
is an invariant for a GTS-CHR program and that termination of a GTS and its 
GTS-CHR program coincide, are then derived as consequences of the main theorem 
below. 

Theorem 5 (Soundness and Completeness) 

Let a = (chr(keep, G),B, V) be a CHR state with G(cr) holding with graph G. Then 
G=^?H with {v e V G I tv G ^H (v) defined} D S(a) 
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(j^ r t= (chr(keep,iJ),B',V) and G(t) holds with graph H. 

Proof 

In order to shorten this proof we use k(G) and 17(G) to denote chr(keep, G) and 
chr (ground, G), respectively. 

Let G =>■ H and let r : L -s- K R. 

Let <G := k(G) = k(G \ m(L)) W k(m{E L )) W fc(m(F*:)) W fc(m(Vi, \ V K )) a = 
(G,B,V>. 

Let e(r) = (r @ G L ^ G£, G%) with G L = fe(if) W g(L \ K). 

For » 6 tj, we have type G (i>)(var(v), _) € G^ and 
type G (w)(var(m(i;)), dvar(m(w))) 6 fc(m(V/f)), as the types match due to m being 
a graph morphism. 

As we have a fresh rule using node v that does not occur elsewhere we can say 

CT 

that a = (<G, var(m(v)) = var(w) AB,V), and hence 

a = St (<G[var(m(t>))/ var(u)], var(r7i(i>)) = var(u) A B, V) (1) 

Considers £ Vl\Vk, then type G (i')(var(-y), deg L (v)) £ Cl- Assume that m{v) £ 
S{a), then tr G= ^# (m{v)) is defined, which is a contradiction to v £ Vl\ Vk- There- 
fore, m(v) £ S(a) and hence dvar(m(v)) = deg G (m(v)) £ B. As G H satisfies 
the gluing condition, we know that deg L (v) — deg G (m(v)). Therefore, we have that 

a = (G[var(m(u))/ var(v)][dvar(m(t>))/deg G (m(?j))], 

var(m(u)) = var(w) A B, V) 

From ([!]) for nodes v £ Vk and the above for nodes v £ Vl\Vk follows for a 
conjunction of equality constraints E that 

a= (k(G\m(L))Uk(rn(E L ))Uk(V K )Ug(V L \V K ),MAE,V) = (G',BA£,V) 

Let e £ E L , than type G (e)(var(e), var(src(e)), var(tgt(e))) £ Cl and after the 
previous substitutions have been made for node identifier variables, and as k(e) = 
g(e), we get type G (m(e))(var(ra(e)), var(src(e)), var(tgt(e))) £ a . We then have 

0= (G'[var(m(e))/var(e)],var(m(e)) = var(e) A B A E, V) (2) 

By applying this substitution for all edges e £ E^ and extending E with the 
required equalities to E' we get: 

cr = (k(G \ m{L)) W k{E K ) W g{E L \ E K ) W k{V K ) W g(V L \ V K ),M A E',Y) 

Hence, a = (k(G \ m(L)) l+l Gl,B A E' , V) such that we apply the rule g(r) to a: 

a^ r r = (k{G\m(L)) W C%,B A E' A C b R ,V) 

= (k(G \ m(L)) W g(R \ K) W k{E K ) W k(V K ),M A E' A C b R ,V) 

As C b R contains var(v') = var(u)Vi; G Vr- let C' R be G|j without these constraints, 
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then 

Subst 



T 



ee (k{G \ m{L)) t+J g(R \K)& k{E K ) l+J k(V K ),M A E' A C h R ,V) 



cr 



= (fc(G \ m{L)) W \ X) W fe(E^) t+J /c(Vr-),B A E' A G^, V) 

CT 

Let G := fc(G\m(L)) Wfe(if), then r ee (Gtt)g(i?\A'): B A J B'AC*^AL> fi , V) with 
Vw G Vr \ Vftr.dvar(w) = deg fl (v) £ Dr. Furthermore, consider a substitution 
corresponding to the reverse reading of E' which undoes the ideas of (JlJ and ([2| 
for all affected nodes and edges. We then get 

r Sl EE St (GWfc(_R\]f),i} J iA^ABA£' I V) 

S i st (k(G\m(L\K))M(k(R\K)e),D R aC' r AMaE',V) 

CT 

ee (k(G\m(L\K)) l+J (k(R\K)Q),D R A^6AB,V) 
ee (fe(J?),B',V) 

We get the graph _ff as its DPO construction corresponds to the removal of 
m(L \ K) and addition of R \ K. 8 is needed to attach the new nodes of R \ K 
to nodes from Vk and C' R contains degree adjustments for those nodes that are 
correct by construction. Hence, it also holds that Q(t) is satisfied with graph H. 



Let a ^ r t with r ee (k(H),B',Y) and Q{t) holds wit h grap h H. Let g(r) = 
{r@C L <=>C b R , C U R with C L = k{K) l±J g(L \ K). From Dcf. 



2.10 



follows that 



a ee (k(K) l+l g(L \ K) l+l k(G \ L),Bi, V) (3) 

Using Lemma[3]and with E being a conjunction of var(m(a;)) = var(x) constraints 
for x G L we get: 

a ee (fc(G),B c AB a ,V) 

ee (k{K) l±J k(L \K)\H k(G \ m(L)),B c A B Q A E,Y) 

§ (fc(if) W g(L \ K) t+J fc(G \ m(L)),B c A B a A V) 

where -E' is the extension of E with dvar(m(w)) = deg G (w) constraints for v G 
V L \ V K and B a = B c A B a A 

m : L — > G is well-defined and injective by the multiset semantics of CHR and it 
remains to be shown, that m is a graph morphism. Therefore, let e G -El, then 
type L (e)(var(e), var(src(e)), var(tgt(e))) G Gl and type L (src(e))(var(src(e)), _) l+J 
type L (tgt(e))(var(tgt(e)), _) G Cl- Hence, var(m(e)) = var(e), var(m(src(e))) = 
var(src(e)) and var(m(tgt(e))) = var(tgt(e)) are all in Bi. Therefore, m(src(e)) = 
src(m(e)) A m(tgt(e)) = tgt(m(e)). 

The gluing condition is satisfied, as Vw G Vl \ Vk the matched degree ensures 
that there are no dangling edges, hence, r is GTS-applicable to G. Similarly to the 
other proof direction, we show that the DPO construction of H coincides with the 
construction of r by CHR rule application: 
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<7^ r T = (k(K)b)g(R\K)\Dk(G\m(L)),M c AM a AE' AC b a ,Y) 

% (k(K) W g(R \K)bi k(G \ m(L)),M c A B a A E A C R , V) 

S = st (k{m(K)) W 5 (i? \ if ) W fc(G \ m(L)), B c A B a A £ A V) 
(g(i? \ if) W fc(G \ m(i \ if )),B C A B a A E A V) 
= (g(R \ if)6 W fc(G \ m(L \ if )), B c A B a A C b R , V) 
= (fc(ii),B',V) 

where is the reverse substitution for similar to the other proof direction. The 
final equivalence comes from extracting the degrees of constraints in g(R \ K) into 
equality constraints contained in B'. As can be seen here, the application of the 
rule results in a state encoding the graph H, such that Q(t) holds. 

Finally, for the set S(o~) we know that the nodes cannot be removed by rule r: 
For a node v € Vl \ Vk we have type L (v )(v&r(v), deg L (v)) € Cl, but this cannot 
be matched with a, as by Def. |3.7| the corresponding degree is unavailable. Hence, 
none of the nodes from S(a) are removed by the rule application G ==> ii, i.e. 
tiG^H{v) is defined for all v e S(cr). □ 

As can be seen in the proof of Theorem [5j a GTS-CHR rule application on a 
(/-state based on G always results in a state encoding a corresponding graph H, 
which gives us the following corollary. 

Corollary 6 {Q Invariant) 

For a GTS-CHR program Q is an invariant. 

A closer look at the conditions required in Theorem [5] reveals that for a state a 
with <S(er) = 0, i.e. for an encoding of a graph with all degrees explicitly given, we 
have unrestricted soundness and completeness. 

Corollary 7 ( Unrestricted Soundness and Completeness) 

Let a = (chr (ground, G), T,V) be a CHR state with Q(a) holding with graph G. 
Then 

if and only if 

a ^ r t = (chr (ground, H), T, V) and G(t) holds with graph H 



Proof 

This follows from Theorem [5] and the following insight: as all degrees of G are 
specified explicitly and all nodes added by the rule are also given explicit degrees, 
all degrees in H are given explicitly as well, which allows us to use chr(ground, H) 
here. □ 

Finally, the soundness and completeness result induces a termination correspon- 
dence between a GTS and its GTS-CHR program. Again, we restrict our observation 
to graph-encoding states. 
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Corollary 8 {Termination Correspondence) 

A GTS is terminating if and only if its corresponding GTS-CHR program is ex- 
terminating, i.e. terminating for all ^-states. 

Proof 

If a GTS contains a non-terminating derivation, we have the corresponding compu- 
tation in its GTS-CHR program by Corollary]?] Similarly, if the GTS-CHR program 
has a non-terminating computation, there exists a corresponding non-terminating 
GTS derivation according to Theorem [5] □ 

3.3 Discussion 

In this section we discuss our previously presented encoding. First, Section |3.3.1| 
investigates that a GTS-CHR program works with partially defined graphs and 
explains the suitability of these graphs for program analysis. Then we present ways 
to simplify the encoding of GTS-CHR rules in Section [3. 3. 2| 

3.3.1 Partially Defined Graphs 

In the example computation given in Section [3. the input contains a node with a 
variable degree: node(A r 3, -D3). Nevertheless, computations on this input are possible 
and the example resulted in the final state: 

(node{N 3> D 3 )\£edge(E',N 3 ,N 3 ),T,{N 3 ,D 3 }) 

In general, a variable node degree will cause a chain of degree adjustment con- 
straints to be created, i.e. constraints of the form X = Y+ci—c 2 . These stem from 
the node being involved in a rule application that affects its degree. 

It is important to realize that we can only match such a node in rules that do not 
remove it. A rule that removes a node contains the explicit degree for that node in 
the head, which cannot be matched through a variable degree. As a consequence, 
specifying variable degrees in the input ensures that the corresponding nodes will 
not be removed by the computation. This also becomes clear from the investigation 
of strong nodes in the previous section. 

While this is an interesting feature in its own right, it provides the basis for many 
forms of program analysis. The aim of program analysis is to make statements on 
an infinite number of graphs, while only having to investigate a small selection of 
graphs. Graph encodings with variable degrees can here be thought of as partially 
defined graphs, i.e. there may be any number of further edges being connected to 
a node with a variable degree. 

Note that partially defined graphs only exist within the CHR context. In a GTS 
the degree of a node is implicitly given by the adjacent edges. As a consequence, 
leaving a node's degree undefined in the CHR encoding ensures, that this node will 
not be removed during computation. In the GTS context we have no such option 
available for host graphs. 

By the above argument, the state 

(node(N,D),T,{N,D}) 
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therefore not only represents the graph consisting of a single node and no edges. 
Instead, it represents the set of all graphs with at least one node. Similarly, the 
above final state from Section 3.1.1 stands for the set of graphs that contain at 
least one node with a loop. 

Every computation performed on an input with variable degrees actually repre- 
sents computations for an infinite set of graphs. This is a fundamental feature for 
the usage of our encoding in program analysis and will be exploited in Sections [4] 
andO 



3.3.2 Different Encoding Possibilities 
The encoding proposed in this work can be varied in several different ways. We 



chose the encoding in Definition |3 . 2| and Definition 3^ for this work, because it is a 
verbose encoding, hence, directly presenting all its components and simplifying the 
proofs. In practice however, a less verbose encoding resulting in shorter rules can be 
used instead. In this section we present different possible simplifications achieving 
this. 

The different simplifications are illustrated by applying them to the twoloop rule 
which is of the following form when encoded as specified in Definition |3.3| 



twoloop @ node(iVi, D x ) 1+1 node(iV 2 , 2)l±J 

edge(E 1 ,N 1 ,N 2 ) l+J edge(£ 2 , N 2 ,N 1 ) 
^> 

node(iV(, D[) l+J edge(£ 3 , N^N^,^ =N 1 /\D' 1 = £>i-2+2 
There are two ways to specify the degree of nodes in L \ K. The one chosen in 



Definition 3.3 explicitly specifies the respective degree in the head. Another way 
is to keep the degree as a variable D in the head and add the built-in constraint 
D = k to the guard of the rule. However, most current CHR compilers detect these 
equalities and automatically transform between them to the representation most 
suitable for an optimization. Therefore, in this work we directly specify the degree 
in the head to avoid guards altogether. 



Variable Elimination As Definition |3.3| encodes a node v € Vk using a new node 
identifier v' with var(i>) = var(V) and v&r(v') is not used elsewhere, this substitution 
can be included directly into the rule encoding: 

twoloop @ node(iV 1 , Dx) l+J node(N 2 , 2)1+1 

edge(^! , Ni , N 2 ) W edge(£ 2 , N 2 , JVk) 

node(A^ , D[) W edge(£; 3 , JVi, JVi), D{ = D^2+2 

Note that we perform variable elimination on node identifiers by default in the re- 
mainder of this work. However, as we need to take degree adjustments into account, 
the formulation of Definition |3.3| is simplified by the variable duplication. 
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Arithmetic Simplification The degree adjustments in Definition 3.3 explicitly con- 
tain the information on how many edges the rule deletes and creates. For the ad- 
justment itself, however, it is sufficient to simply adjust the degree by the actual 
change in the number of edges. Additionally, if the change is 0, like in the twoloop 
rule, the extra local variable used for the degree can be substituted, resulting in: 



twoloop @ node(Ni,Di) I±J node(7V 2 , 2)1+1 

cdge(£i , Ni , N 2 ) W edge(£ 2 , N 2 , N x 

node(Ni,Dx) l±J edge(£7 3 ,JVi,iVi) 



Elimination of Edge Identifiers The edge identifier variables are used throughout 
this work, because they simplify dealing with the multiset semantics of CHR with 
respect to the edge constraint representing exactly one edge of a graph. In a CHR 
implementation, however, every constraint is implemented as a unique object - 
sometimes even annotated with an identifier number - which makes the explicit 
edge identifiers redundant. Using this idea the twoloop rule can be further simplified 
to: 

twoloop @ node(jVi, £>i) l±J node(iV 2 , 2)l±J 
edge(JVi, N 2 ) W edge(7V 2 , N t ) 
<^ 

node(A^i , D x ) l±J edge(Ai , N x ) 

Note that the same argumentation cannot be applied to node identifiers, as those 
are required for specifying the source and target of edge constraints. 

Simpagation Rules Some nodes and edges of the left-hand rule graph L of a GTS 
rule can occur only to specify a certain graph context and are unaffected by the 
rule application. For nodes this can also happen if the modification to adjacent 
edges results in no change to the degree, as in the twoloop rule. In those cases, the 
node or edge is encoded in exactly the same way in the head and body of the rule. 
Therefore, during the rule application the corresponding constraint is removed and 
introduced again. Using a simpagation rule allows us to move such a constraint 
into the part of the head which is not removed during the rule application. This 
reduces the textual size of the rule as well as its execution time, because it avoids 
the generation of a new constraint during the rule application. 

After applying all the previous simplifications to the twoloop rule and transform- 
ing it into a simpagation rule we get the following simplified rule: 

twoloop® node(A r i, D{)\ 

node(A r 2 , 2) l±J edge(N 1 ,N 2 ) W edge(iV 2 , 2V X ) 

edge(JVi,iVi) 

One might be tempted to always create simpagation rules in Definition [33J based 
on the idea that the context graph K already identifies non-removed nodes. How- 
ever, the above creation of simpagation rules with node constraints among the kept 
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constraints, is only possible if the respective node's degree remains unchanged by 
the rule application. 

Readers more familiar with CHR may also wonder if propagation rules could be 
used as well. It is technically possible to define a GTS rule that does not remove any 
elements, but only adds new nodes and edges. However, a thusly created GTS would 
suffer from a problem that in CHR literatue is referred to as trivial non-termination 
(see e.g., ( Friihwirth 2009[ )), i.e. such a rule could be applied infinitely often. For this 
reason, most CHR implementations restrict propagation rule applications, hence, 
our encoding using simplification or simpagation rules remains more faithful to the 
semantics of graph transformations. 



4 Analyzing Confluence 

The confluence property is relevant to both, graph transformation systems and 
Constraint Handling Rules. It guarantees that any terminating computation made 
for an initial state results in the same final state no matter in which order applicable 
rules are applied. 

In Sect ion [4T] we formally introduce confluence, both for GTS and CHR. Further- 
more, we give the definitions for critical pairs in both systems, which are derived 
directly from the rules. Investigation of critical pairs for determining confluence of 
a terminating rewrite system goes back to research about term rewriting systems 



(Huet 1980), and both, GTS and CHR, have adapted the corresponding criteria. 



Next, Section 4.2 examines the relation between critical pairs of a GTS and its 



corresponding GTS-CHR program. We then introduce the concept of observable 



confluence (Duck et al. 20071. It is a technical means to restrict our observations to 
CHR states that correspond to graphs. This in turn results in a closer correspon- 
dence between GTS and CHR for later results. 



For terminating GTS, confluence analysis proved to be undecidable: (Plump 



2005) showed that the critical pair analysis gives only a sufficient criterion for 
confluence. We show that the decidable observable confluence test of a GTS-CHR 
program coincides with this criterion. 

The discrepance in decidability of the two systems' confluence properties is dis- 
cussed in Section [4.3| for exemplary critical pair analyses. 

4 ■ 1 Preliminaries 

This subsection introduces the necessary definitions for GTS and CHR confluence 
before comparing the two notions. Unless noted otherwise, the involved graph trans- 
formation systems and GTS-CHR programs are assumed to be terminating. 

Definition 4-1 (GTS Confluence) 

A GTS is called confluent if, for all typed graph transformations G => Hi and 
G =>■ H2, there is a typed graph X together with typed graph transformations 
Hi => X and H 2 ==> X . Local confluence means that this property holds for all 



pairs of direct typed graph transformations G =>■ H 1 and G => H 2 (Ehrig et al. 
20061). 
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Newman's general result for rewriting systems (Newman 1942) implies that it is 
sufficient to consider local confluence for terminating graph transformation systems. 
To verify local confluence, we particularly need to study critical pairs and their 



joinability, according to the following definition based on (Ehrig et al. 2006 Plump 



2005). 



Definition 4-2 (Joinability of Critical GTS Pair) 

Let n = (L x (~ Ki A i?i),r 2 = (L 2 <- K 2 A R 2 ) be two GTS rules. A pair 
Pi r ^=^ Q r liS, 2 p 2 Q f di r ect typed graph transformations is called a critical GTS 
pair if it is parallel dependent, and minimal in the sense that the pair (mi,rn 2 ) of 
matches mi : L\ — >■ G and 777,2 : L 2 — > G is jointly surjective. 

A pair Pi 4== G ==>■ P 2 of direct typed graph transformations is called parallel 
independent if mi(Li) (lm 2 (L 2 ) C mi(Ki) fl m 2 (K 2 ) 1 otherwise it is called parallel 
dependent. 

A critical GTS pair Pi <== G P 2 is called joinable if there exist typed 

graphs Xi,X 2 together with typed graph transformations Pi ==> X\ ~ X 2 <== P 2 . 
It is strongly joinable if there is an isomorphism / : X x — > X 2 such that for each 
node v, for which tTG=>Pi(v) an d ^g^p 2 { v ) are defined, the following holds: 

1. tva^-p^Xi ( v ) an d ^g^p 2 ^x 2 i v ) are defined and 
2- /v(trG=>-Pi=>.Xi(«)) = tr G ^p 2 ^x 2 («) 

A similar notion of confluence has been developed for CHR. The following defi- 



nition is an adaptation of ( Friihwirth 2009 ) to the operational semantics on equiv- 
alence classes. 

Definition 4-3 (CHR Confluence) 

A CHR program is called confluent if for all states <r, <ti, and a 2 :\ioi *^ ^->* o~ 2 , 
then <7i and o~ 2 are joinable. Two states a\ and a 2 are called joinable if there exists 
a state r such that o~i ^* r a 2 . 

Analogous to a GTS, the confluence property for terminating CHR programs is 
determined by local confluence which can be checked through critical pairs. The 
following definition is adapted to the situation in this work, i.e. it only considers 
simplification rules and no guards. 

Definition 4-4 (Joinability of Critical CHR Pair) 

Let rj, i = 1, 2 be two (not necessarily different) simplification rules of the following 
kind with variables that have been renamed apart: 

Hi\tSAi&B?,B$ 

Then an overlap crcr of r x and r 2 is oqv = {Hx^S Ax^S H 2 , A x = A 2 ,W), provided 
Ax and A 2 are non-empty multisets, V = vaxs(Hx WAi Wi/2 WA2) and CT |= 3(Ai — 
A 2 ). 

Let ax = (P>i W 7J 2 , #i A (A x = A 2 ),V) and a 2 = (B' 2 l l±l Hx,B 2 A (^i = A 2 ), V). 
Then the tuple CP = (01, 172) is a critical CHR pair of 7"i and 7*2. A critical CHR 
pair (ui,a 2 ) is joinable if o"i and 02 are joinable. 
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4-2 Analyzing Confluence via Critical Pairs 

After defining the different notions of confluence we now further investigate the 
difference between critical GTS pairs and critical CHR pairs for GTS-CHR pro- 
grams. The following lemma shows that there exists a corresponding overlap for 
each critical GTS pair. Therefore, by examining the overlaps and using the previ- 
ous soundness result we can transfer joinability results to the critical GTS pair. 

Lemma 9 (Overlap for Critical GTS Pair) 

If P x G ^> is a critical GTS pair, then there exists an overlap acv 

of e (n) = (n @ C Ll «■ C^,C b R1 ) and g(r 2 ) = (r 2 @ C L2 & C% 2 ,C b R2 ) which 
is a <?-state based on G and a critical CHR pair (01,02) such that o\ is a te- 
state based on P\ and 02 is a C/-state based on P2. 

Proof 

Let the two GTS rules be Lj «- iQ -» i? 4 for i = 1,2 and let M = m 1 (L 1 )nm 2 (L 2 ). 
We then define the following sets of constraints from which we construct the overlap: 

Hi = {ciiTL 1 (keep, x) \ x 6 Li A mi(x) £ M} 

H 2 = {chr i2 (keep,x) | x £ L 2 A m 2 (x) £ M} 

Ai = {chr Ll (keep,x) | x £ L\ A m 1 (x) £ M} 

A 2 — {chr i2 (keep, x) \ x £ L 2 A m 2 (x) £ M} 

Ci = {dvar( U ) = deg il (v) | veV Ll \V Kl } 

C 2 = {dvar(w) = deg L2 (v) | v £ V L2 \ V K2 ] 

Let V = vars(i?i W H 2 W Ai W A 2 ) and let a = (Hi,Ci,W), then = 0' = 
({chr Ll (keep,x) | x £ KiAmi(x) £ M}l±l{chr Ll (ground, x) \ x £ Li\KxAmi(x) ^ 
M},T,V) =: (H 2 , T,V) by applying Ci as a substitution to Hi, and then removing 
Ci as all dvar(u) variables for v £ Vl ± \ Vk ± are then strictly local. 

Similarly, (Ai,Ci,V) = ({chr(keep, x) \ x £ KiAmi(x) £ M}l±){chr(ground, x) \ 
x € Li \ Ki A 7711(2;) £ M, T, V) =: (A[, T, V), and analogously, we define H' 2 and 
A! 2 . 



By Def.^we have that H[\±)A'i = C L i and H 2 \±lA' 2 = C L2 . As M ^ it follows 
that A[ and A' 2 are non-empty. To investigate if CT |= ^(A^ = A' 2 ) we take a closer 
look at the equality constraints imposed by A\ = A' 2 : 

{var(?Ji) = var(t> 2 ) | vi £ V Ll Av 2 £ V L2 ,mi(vi) = m 2 (v 2 )} 
A {dvar(?Ji) = dvar(t> 2 ) | t<i £ Vk 1 A v 2 £ Vk 2 A 777i(ui) = 7772(7^)} 
A {dvar(?Ji) = deg i2 (7j 2 ) | "l G V Kl A v 2 £ Vl 2 \ Vr 2 A mi(ui) = m 2 (v 2 )} 
A {dvar(w 2 ) = deg^Ui) | v x £ V Ll \ V Kl A v 2 £ V K2 A mi(ui) = 777 2 (u 2 )} 
{var(ei) = var(e 2 ) | e x £ E Kl A e 2 £ E K2 A mi(ei) = 7772(e 2 )} 
{de gii (ui) = deg L2 (7j 2 ) I v x £ V Ll \ V Kl Av 2 £ V Ll \ V K2 A 



A 
A 



17li(vi) = 777 2 (W2)} 



Except for the last row, the above equality constraints can easily be satisfied 
under existential quantification. Hence, the only remaining problematic case is when 
two node constraints with constant degrees are overlapped. However, the degree of 
irii{vi) = rn 2 (v 2 ) equals the degree of t>i and the degree of 7j 2 due to the gluing 
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Fig. 10. Graph production rule for removing a loop 



condition being satisfied, such that this case can only occur with equal constant 
degrees. 

Hence, acv — {H'^A'^H^ A\ — A' 2 ,Y) * s an overlap of q(t{) and g(r 2 ) with the 
critical CHR pair ((Cj^ W H' 2 , A[ = A' 2 A C b R1 , V) , (C R2 W H[ , A[ = A' 2 A C b R2 , V) . □ 

If we try to directly transfer the confluence property of a GTS to the correspond- 
ing GTS-CHR program, we cannot succeed however, as in general there are too 
many critical CHR pairs that could cause the GTS-CHR program to become non- 
confluent. The following example provides a rule which only has one critical GTS 
pair, but for which the corresponding CHR rule has three critical CHR pairs. 

Example 1^.1 

Consider the graph production rule in Fig. 10 It removes a loop from a node and 
has the following corresponding CHR rule: 

R @ node(7V, D) W edge(£, N, N) & node(iV, D'), D' = D - 2 

To investigate confluence one must overlap this rule with itself which yields the 
following three CHR overlap states: 

1. (node(7V, D) W edge(£:, N, N) W edge(£:', N', N'),N = N', {N, D, E, E', N'}) 

2. (node(A^, D) W node(iV', D') W edge(£:, N,N),N = N', {N, D, N', D' , E}) 

3. (node(A^, D) W edge(E, N, N), T, {N, D, E}) 

State ([T]) is not critical, because the corresponding pair of graph transforma- 
tions is parallel independent (cf. ( |Ehrig et al. 2006 1 , and hence, directly joinable by 



applying the rule again. State (|2j) is an invalid state, i.e. it violates Q, as it has mul- 
tiple encodings of the same node and state Q is the encoding of the corresponding 
critical pair for the graph production rule. 

As we want to rule out invalid states, we use the following notion of observable 



confluence presented in (Duck et al. 2007). It is based on restricting confluence in- 



vestigations to states that satisfy an invariant. Based on these invariants, observable 
confluence (or I-conflucnce) is defined as follows: 

Definition 4-5 (Observable Confluence) 

A CHR program P is I-confluent with respect to invariant 1 if the following holds 
for all states cr, o~±, and a 2 where I(er) holds: If o\ *^ a ^* a 2 then o\ and a 2 are 
joinable. 

In order to use the graph invariant Q for the notion of observable confluence, 
we have to investigate the properties of this invariant. We introduce the following 



definitions from (Duck et al. 2007). As overlap states themselves may not satisfy 
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the invariant we have to examine all possible extensions that satisfy it. Note that 



in ( Duck et al. 2007 1 CHR states are defined as 5-tuples consisting of a goal, user 
store, built-in store, token store, and the set of global variables. As such a verbose 
definition is not necessary for the remainder of this work, we use the more concise 



state definition from Section 2.2 and have adjusted the work from (Duck et al. 20071 
accordingly. 

Definition 4-6 {Extension, Valid Extension) 

A state a = (G,B, V) can be extended by another state a e = (<G e ,B e , V e ) as follows. 

a<a e = (GWG e ,BAB e ,V e ) 

We say that a e is an extension of a. A valid extension o~ e of a state a is an extension 
such that 

v € vars(G,B) A^¥^^ vars(G e ,B e , V e ). 

When applied to confluence checking with critical pairs there are generally in- 
finitely many possible extensions of a critical pair. To get a decidable criterion, the 
following relation on extensions F] allows us to consider only minimal elements. 

Definition 4-7 (Relation on Extensions) 

Let a = (<G,B, V) be a state, and let a e \ = (G e i,B e i, V e i) and er e 2 = (G e 2,B e 2, V e 2) 
be valid extensions of a. Then we define o~ e \ ~< a o~ e 2 to hold if 

1. there exists a valid extension er e 3 of (a<\a e \) such that (o~<io~ e i)<lo~ e 3 = <7<cr e 2 

2. V - V el C V - V e2 holds. 

Note that for any extension a e = (G e ,B e ,V e ) of a state a — (G,B,V) there 
exists a valid extension ct@ = (0,T,V) with cr0 ^ ct a e , simply because the second 



condition in Definition 4.7 is trivially satisfied and cr e 3 = (G e ,B e ,V e ) satisfies the 
first condition. 

In the following we want to discuss overlap states that do not satisfy an invari- 
ant X. Therefore, we are interested in extensions of those states, such that the 
result satisfies the invariant X. The following definition introduces the set of all 
those extensions and their minimal elements with respect to the previously defined 
relation. 

Definition 4-8 

Let S e (<r) be the set of all valid extensions of a state a, and let S^(cr) = {a e \ 
<7 e € S e (cr) AI((T < er e )} be the set of all valid extensions satisfying the invariant I. 
Finally, let M^[a) be the ^-minimal elements of EJ(ct). 



As shown in (Duck et al. 20071 the analysis of critical pairs can be extended 
to this context. Instead of requiring joinability of a critical pair - which might 
not satisfy the invariant Q - we require joinability for all possible extensions of 
a critical pair that satisfy Q. We make use of the relation on extensions here, 



1 Originally, in (|Duck et al. 2007 1 this relation is defined as a partial order, despite being neither 



transitive nor anti-symmetric. However, it is sufficient for this work to consider it as a reflexive 
binary relation. 
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such that we only have to investigate minimal extensions. Note that we implicitly 
consider minimal elements modulo built-in equivalence, e.g., the built-in store D = 1 
subsumes equivalent stores, like D = D' + 1 A D' = 0. 

Definition 4-9 

A program P is minimal extension joinable if for all critical pairs CP = (<7i,<72) 
with overlap <Jcv, an d f° r an °~e € M^(acv)i we have that {a\ <\ cr e ,a 2 < a e ) is 
joinable. 



It has been shown in (Duck et al. 2007) that joinability of critical pairs, stemming 
from overlaps with minimal extensions, is a necessary and sufficient criterion for 
Z-local-confluence if the relation on extensions is well-founded. 

Lemma 10 (Deciding T- Local- Confluence) 

Given that -< acT , is well-founded for all overlaps o~cv-, then: P is Z-local-confluent 
if and only if P is minimal extension joinable. 

Although, in our programs built-in constraints + and — occur, we can consider 
< acv well-founded for the following reason: On state components other than the 
built-in store the -<a CT> -relation corresponds to the well-founded subset ordering 
with the minimal element (cf. ( |Duck et al. 2007] )). For the built-ins, we can con- 
sider + and — as successor/predecessor terms (as they are only used with constants 



in rules), and hence, we get well-foundedness via proposition 1 of (Duck et al. 2007). 

We further note, that for any extension cr e and state acv holds that a% -<cr CT , 
<r e . The following discussion shows that either M^(acv) = {v®} or YP^ipcv) = 
M-tipcv) = 0- Whether the minimal element 0% exists depends solely on Q{pcv) 
holding as the following lemma shows. 

Lemma 11 (No Minimal Elements) 

If G(o~cv) is violated for an overlap gqv then no extension a e exists such that 
G(acv < fe) is satisfied, i.e. Yfi e (ocv) = M%(<tct>) = 0- 

Proof 

We proof this by a structural analysis of the overlap which gives the different 
possibilities for G(acv) to be violated. W.l.o.g. the overlap stems from the two 
rules e (n) = (n @ C Ll & C u Ri ,C b Ri ) and g(r 2 ) = (r 2 @ C L2 & C£ 2 ,C* 2 ) with 
the corresponding rule graphs L±, L 2 , K\, K 2 , Ri, and R 2 . 

First consider the case of nodes v± and v 2 being overlapped: 
Let type Li (wi)(var(ui),L»i) G C Ll and type Ls (v 2 )(va,r(v 2 ), D 2 ) G C L2 be over- 
lapped with type Ll (wi) = type i2 (u2). The equality constraint var(«i) = var(v 2 ) G 
acv resembles the merging of the two graph nodes V\ and v 2 . However, for the 
degree equalities different possibilities exist: 

• Di and D 2 are constants: Then D\ = D 2 = deg Ll (t;i) = deg i2 (w2) = k, 
as the overlap is impossible otherwise. Then gqv contains only one con- 
straint type ix (i>i)(var(ui), deg Ll (v\)). As in L\ and L 2 the nodes each have 
k adjacent edges, all constraints corresponding to adjacent edges in both rule 
graphs have to be contained in the overlap as well. If at least one such con- 
straint is not part of the overlap then o~cv contains more than k constraints 
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corresponding to edges adjacent to v\ — v 2 . As the degree for the node is a 
constant it cannot be changed by any extension and the additional edge con- 
straints cannot be removed either. Therefore in such a case, no extension a e 
can correct the degree inconsistency and Qipcv <3 °e) cannot hold. 

• Di and Z? 2 ar e variable: In this case the overlap is possible without any 
problems. Depending on the number of overlapped adjacent edge constraints 
the degree variables can always be instantiated with the correct degree, thus 
satisfying the invariant Q. 

• w.l.o.g. D\ = k and Z? 2 is a variable: this means D% — k € o~cvi therefore, 
all edge constraints of Cl 2 of edges adjacent to v 2 have to be overlapped 
with edge constraints of Cl x corresponding to edges adjacent to v\. If there is 
such an edge constraint from Cl 2 which is not contained in the overlap, then 
o~cp contains more than k edge constraints corresponding to edges adjacent 
to v\. Again the degree of v\ is specified as the constant k in o~cv, an d thus, 
an extension cannot correct this degree inconsistency. If however, all these 
edge constraints are contained in the overlap, Q is satisfied again, as there are 
exactly k such edge constraints coming from Cl x - 

Finally, consider an edge being overlapped: 
Let type Li (var(ei), var(src(ei)),var(tgt(ei))) £ Cl x and 
typei 2 (var(e 2 ), var(src(e 2 )), var(tgt(e 2 ))) € Cl 2 , then 

var(ei) = var(e 2 ) A var(src(ei)) = var(src(e 2 )) A var(tgt(ei)) = var(tgt(e 2 )) e 



ucv- By Def. 3.3 we have constraints type Ll (src(ei))(var(src(ei)), _) € Cl x and 
type L2 (src(e 2 ))(var(src(e 2 )), _) € Cl 2 - If these two constraints are not part of the 
overlap, the corresponding equality constraint var(src(ei)) = var(src(e 2 )) G acv 
results in a single graph node being represented by two constraints. This is a vio- 
lation of Q, as chr (ground, G) contains exactly one constraint for each node. This 
violation cannot be fixed by an extension, as the conflicting additional node con- 
straint cannot be removed. Analogously, the two node constraints corresponding to 
tgt(ei) and tgt(e 2 ) have to be contained in the overlap. 

Therefore, an overlap acv which violates the invariant Q has to violate it due to 
one of the above reasons for which it cannot be extended by an extension o~ e such 
that Q(acv <\ o- e ) is satisfied. □ 

Combining these two results yields the criterion in Corollary |12| for deciding Q- 
local-confluence. Note that this decision criterion is essentially the same criterion 
as used for traditional local confluence, except that the invariant Q restricts the set 
of investigated overlaps. 

Corollary 12 [Deciding Q- Local- Confluence) 

V is Cf-local-confluent if and only if for all critical pairs CP = (cti,(t 2 ) with over- 
lap dcPi for which G(crcv) holds, CP is joinable. 

Proof 

This follows from the combination of Lemma [lOj Lemma 11 and the insight that 



CT0 is the unique minimal extension in the case of Q[pcv) holding. □ 

Next we transfer the joinability of critical CHR pairs to strong joinability in GTS: 
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Lemma 13 (Q- Confluence Implies Strong Joinability) 

If a terminating GTS-CHR program is C/-confluent, then all critical GTS pairs are 
strongly joinable. 

Proof 

Let Pi 4= G r MS? p 2 be a critical GTS pair. Let = (Lj <— Ki —> Rfj and 
g(r t ) = (n @ C Li «*■ C^,C%) for * = 1,2. 

By Lemma [9] there exists an overlap <7c-p which is a <?-state based on G. As the 
critical pair (a\ , a 2 ) created by the overlap acv is joinable we have the computations 
a CP >— ► a\ ~^>* T\ and acv ^ a 2 ^* i~ 2 with ri = T2. From Thm. [5] we know that 
there exist corresponding GTS transformations G T Mf£ p 1 X% ~ Xi* -4= 

P2 4= G. The isomorphism between ATi and A2 follows from Lemma |4| Hence, 
the critical GTS pair is joinable. 

To see that it is strongly joinable consider the set S(acv)- Every node v for which 
t^G^pA v ) and ^ t g^p 2 ( v ) are defined is a node which is not deleted by either r\ 
or r 2 . As mi and m 2 are jointly surjective w.l.o.g. there exists a node 1/ £ Vr^ of 
rule ri with m{v') = v. As the node is not removed we know v' £ Vk ± , and therefore, 
type Kl (w')(var(w'),dvar(i;')) £ Cl 1 - Either the node is not part of the overlap in 
acv, or if it is overlapped with a node v" £ Vl 2 such that m(v') = m(v"), then we 
also know that v" £ Vk 2 due to the defined track morphism. Therefore, we always 
have the node constraint type^ (v')(vai(v), dvar(w)) <E acv and v £ S(acv)- As 
this node cannot be removed during the transformation, a variant of this constraint 
with adjusted degree is also present in t\ and r%. These two variant constraints are 



uniquely determined, as var(w) £ V by Def. 4.4 and hence, they both have to use 
var(w) for the node identifier variable. This means we still have to show for such a 
node v that the two conditions from Def. I4J2J are satisfied: 



1. tr G ^ Pl ^ Xl (v) and ti G ^p 2 ^x 2 {v) are defined: 

By Thm. [I] we know that the GTS transformations are strong w.r.t. S(acv)- 
As v £ S(acv) this implies v £ m(K) V v £" m(L) for each of the applied 
rules, i.e. the node remains during the transformation and hence the track 
morphisms are defined as in Def. |2.5| 

2- /y(tr G ^ Pl ^ Xl O)) = tY G ^ P . 2 ^x 2 {v): 

As the isomorphism / is derived from n = T2 and var(u) £ V this isomorphism 
correctly relates the original node v with its occurrences in n, resp. X±, and 
r 2 , resp. X 2 . 

□ 

The reverse direction holds as well, as the following lemma shows. 
Lemma 14 (Strong Joinability Implies Q - Confluence) 

If all critical GTS pairs of a terminating GTS are strongly joinable, then the cor- 
responding GTS-CHR program is tj-confluent. 



Proof 

Consider an overlap a C v for the critical CHR pair (ct 1 ,ct 2 ). W.l.o.g. Qipcv) holds 
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according to Cor. 12 Therefore, ocv is a £-state based on G and o~i, o~ 2 correspond 



to graphs G\, G 2 . Consider now G\ Q r A^ 2 q 2 

We now show, that either the critical CHR pair is non-critically joinable, or it 
corresponds to a critical GTS pair and can thus be joined, because all critical GTS 
pairs are strongly joinable. 

First, we want to point out that G is minimal by the definition of the CHR 
overlap, i.e. every occurring node and edge is part of a match, hence, m\ and m 2 
are jointly surjective. 

Next, we distinguish two cases: First, let G\ <== G ==>■ G 2 be parallel inde- 
pendent. Therefore, the second rule can be applied after the first, because none of 
the required nodes or edges has been removed. The following diagram depicts this 
situation: 

G 

ri/ ^ ''2 




X 

By Theorem [5] we can apply the corresponding rules to o~cv i n order to join the 
critical CHR pair, because S(<7cv) contains only nodes not deleted by ri and r 2 . 

Secondly, let G\ r <^H 1 Q r ^S? q 2 ]-, e parallel dependent. It follows that m{L\) H 
m{L2) % m(Ki) n miKi). However, this is now a critical GTS pair, and hence, 
strongly joinable as depicted on the left of the following diagram: 

G a cv 





X\— X 2 u l = u 2 

The right part of the diagram shows the situation for the critical CHR pair 
which is joinable by Thm. [5] This is possible, because Vt> G S(<jcv) we know that 
tra=>Gi( v ) an d trQ^Q 2 (v) arc defined, thus by Def. 4.2 v is never removed and 
still present in Xi and X 2 - Finally, the isomorphism implied by X\ ~ X 2 gives us 
a[ = o~' 2 . Note that despite Lemma[4]not being reversible in general this holds here, 
as it is clearly determined for both o~[ and a' 2 which node identifier variables are 
global and the strong joinability condition reflects this in the isomorphism. 

Therefore, for all overlaps acv with Q{pcv) holding we know that the correspond- 
ing critical CHR pair is joinable, and hence, by Cor. [12] that the CHR program is 
t/-local-confluent. As it is terminating as well, it is (J-confluent. □ 



The combination of the previous two lemmata gives us our main result: 



Theorem 15 {Strong Joinability iff Q -Confluence) 
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All critical GTS pairs of a terminating GTS are strongly joinable if and only if the 
corresponding GTS-CHR program is C/-connuent. 



Proof 

Direct combination of Lemma [ 



and Lemma fl4l □ 



Corollary 16 (Q -Confluence Implies GTS Confluence) 

If a terminating GTS-CHR program is CJ-confluent, then the corresponding GTS is 
confluent. 

Proof 

Strong joinability is a sufficient criterion for confluence of a terminating GTS (cf. 
(Plump 20051). Therefore, this follows directly from Theorem 15 □ 



Practically, with Theorem 



15 



wc can reuse the automatic confluence check for 



terminating CHR programs (Abdcnnadher et al. 1999 Friihwirth 2009) to prove 

showed, it is suffi- 



11 



confluence of a terminating GTS-CHR program. As Lemma 
cient to only consider overlaps satisfying the graph invariant Q . Whenever all the 
resulting critical CHR pairs are joinable, the CHR program is ^-confluent accord- 
ing to Corollary [12] This, in turn, is sufficient for proving confluence of the original 
GTS. 



4-3 Discussion 

In this section we elaborate on some canonical examples that highlight different 
properties of critical pairs. These examples are inspired by (Plump 2005). 

Example 4. 2 

Consider the following rules which use two different edge types: a and b 



rl: 



K 



R 



r2: 



• — -#> 



K 



R 



The only critical GTS pair of these rules is joinable. This is possible in the GTS 
case, because the resulting graphs, shown below, are isomorphic. 



r2 



However, the track morphisms of the above derivations are incompatible, i.e. the 
strong joinability condition from Definition |L2] cannot be satisfied. As the following 
derivation shows, this hinders monotonicity and joinability is lost, when the critical 
pair is embedded into a larger context. 
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The two resulting states are no longer isomorphic and also cannot be joined, as 
no more rules are applicable to them. Therefore, this GTS is not locally confluent, 
although all its critical GTS pairs are joinable. 

We now examine this scenario in CHR. The two GTS rules then become the 
following CHR rules: 

rl @ node(N x ,D x )i±)node(N y ,D y )i±)&(E,N Xl N y ) 
^> 

node(N x , D' x ) W node(7V y , D' y ) W b(£", N x , N x ), 
D' x = D x +1 A D' y = D v -1 
r2 @ node(N x ,D x )ynode(N y ,D y )\&a(E,N x ,Ny) 

node(N x ,D' x ) W node(N y , D' y ) W b(E', N y , N y ), 
D' x = D x -lAD' y =D y +l 
We now consider the critical CHR pair corresponding to the above critical GTS 
pair. It is generated by fully overlapping both rule heads, resulting in the overlap 

cj cv = (node(N 1 ,D 1 )ynode(N 2 ,D 2 )ya,(E,Ni,N 2 ),T,W) 
with V = {Nx,N 2 , D 1: D 2 , E}. The resulting critical CHR pair (cr 1 ,a 2 ) is: 
(node(iVi,£)i) W node(7V 2 , D' 2 ) W b(E', N U N 1 ),D[ = A D' 2 = D 2 -l, V), 

(node(iVi, W node(7V 2j A>) w N 2 ,N 2 ), D x = D x -\ A D 2 = D 2 +1,V) 

It is clear that (Ji ^ er 2 , because CT ^ (-D'j = £>i+l A D' 2 = D 2 -l) ->■ 3 iVi = 7V 2 
as required by Theorem [2] 

The strong nodes Ni and iV 2 , i.e. N%,N 2 £ V, enforce compatible track mor- 
phisms, and hence are responsible for the non-joinability above. If we instead want 
to test non-strong joinability, we can do so as well by setting V = 0. Then, the 
two states <7\ and cr 2 are indeed equivalent by Definition |2.8| as N 2 is existentially 
quantified and the remaining conditions of Theorem [2] hold as well. 

Example 4-3 



Another example from ( Plump 2005 1 is the following GTS which is terminating and 
confluent, however, the critical GTS pair from the overlap of rule rl with itself is 
not strongly joinable. This is a counterexample used to show that strong joinability 
of critical GTS pairs is only a sufficient criterion for confluence of a terminating 
GTS. 



rl: 








K 




r2: 







• • 




• • 


L x y 




K X y 




R X y 
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The GTS works as follows: If there is at least one loop in the graph, then all 
but a last loop are removed by the first rule. Additionally, all non-loop edges are 
removed by the second rule. Therefore, the remaining final graph contains zero or 
one loops and no other edges, and hence the GTS is terminating and confluent due 
to graph isomorphism. The first rule is encoded in CHR as follows: 

rl @ node(N x ,D x )\±lnode{N yi D y )\S 
a(E x ,N x ,N x )i±lei(E y: N y ,N y ) 
^> 

node(N x ,D x )Hlnode{N yi D' y ) W a,(E x ,N x ,N x ), 
D> y =D y -2 

Completely overlapping the rule with itself yields the overlap 

a cv = (node(iVi,£>i) W node(N 2 ,D 2 ) W &(E u Ni, JVi) W &(E 2 , N 2 , N 2 ), T, V) 

with V = {N%,N 2 , D\, D 2 ,Ei, E 2 } resulting in the critical CHR pair (oi, a 2 ) with: 

cti = {node{N 1 ,D 1 )\a>node{N 2l D' 2 )\a>&{E 1 ,N 1 ,N 1 ),D' 2 =D 2 -2,Y) 
a 2 = (node(JVi,Di) W node(A 2 , A>) Wa(£j,JV 2 ,JV 2 ),^ = D x -2,V) 

Analogously to the previous example, the two states are not equivalent and can- 
not be joined, therefore the corresponding critical GTS pair is not strongly joinable. 
Again, setting V = results in both states becoming equivalent. As before, this re- 
flects that for the critical GTS pairs the two corresponding graphs are isomorphic. 



5 Analyzing Operational Equivalence 



Constraint Handling Rules is well-known for its decidable, sufficient, and necessary 



criterion for operational equivalence of terminating and confluent programs (Ab 



dennadher and Friihwirth 1999 Friihwirth 2009). After presenting this result in 



Section |5.1| we introduce the concept of operational equivalence for graph trans- 
formation systems in Section |5.2| Then we investigate operational equivalence of 
GTS-CHR programs and show that it is sufficient for operational equivalence of the 
original GTS. We further demonstrate its application to detect redundant rules of 
a GTS. 



The contents of this section are a revised and extended version of (Raiser and 



Friihwirth 2009a) 



5.1 Operational Equivalence in CHR 

Operational equivalence, intuitively, means that two programs should be able to 
compute equivalent outputs given the same input. Applied to a single state, this 
behavior is called "PijTVjoinability: 

Definition 5.1 {J ) \,V 2 -joinability) 

Let Vi,V 2 be CHR programs. A state a is Vi,V 2 -joinable, if and only if there are 
computations a o\ and a ^-»p 2 ct 2 with o~\ = a 2 where all Oi are final states 
with respect to Vi- 
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If Pij^-joinability is given for all states the programs are considered opera- 
tionally equivalent: 

Definition 5.2 [Operational Equivalence) 
Let V\,Vi be CHR programs. 

Vi,V2 are operationally equivalent if and only if all states a are V\, T^-joinable. 

As mentioned before, operational equivalence is decidable for terminating and 
confluent CHR programs. Similarly to confluence, the decision algorithm investi- 
gates critical states created from rule heads. 

Definition 5.3 {Critical States) 

Let V\,Vi be CHR programs. The set of critical states ofV\ and V2 is defined as 
{<iT,T,vars(iT)) | (H & B c , B b ) € Vx U P 2 }- 

Note that we had to consider observable confluence for CHR, because overlap 
states constructed for critical pair analysis may not always encode a graph. The 
critical states used for operational equivalence here, however, stem directly from 
a complete head of a rule, which in turn was derived from a GTS rule graph. 
Therefore, all critical states of GTS-CHR programs are valid encodings of graphs. 



The following theorem, adapted from ( Abdennadher and Friihwirth 1999 1 , is 
based on the idea to determine V\, T-^-joinability of these critical states. The mono- 
tonicity property of CHR ensures, that if all critical states are Vi, TVjoinable, then 
all states are. Additionally demanding termination and confluence of the programs, 
allows us to decide Vi, T^-joinability simply by executing a critical state in each of 
the programs and then comparing the resulting final states. 

Theorem 17 (Operational Equivalence via Critical States) 

Let V\,Vi be terminating and confluent CHR programs. V\,Vi are operationally 
equivalent if and only if for all critical states a of V\ and V2 it holds that a is 
"Pit T^-joinable. 

Proof 

Given in (Abdennadher and Friihwirth 19991. □ 



Note that in contrast to confluence, Theorem 17 will always consider states sat- 
isfying the C/-invariant, when applied to a GTS-CHR program. This follows from 
the fact, that each critical state is the head of a rule, and in turn, corresponds to a 
rule graph from the GTS by construction. 



5.2 Analyzing Operational Equivalence in GTS 

In this section we introduce the notion of operational equivalence for GTS. Based on 
the previous embedding of GTS in CHR, we use the existing decision algorithm from 
CHR as a sufficient criterion for operational equivalence of two graph transformation 
systems. 

First, we define the property of <Si,<S2-joinability for two graph transformation 
systems Si,S 2 , analogously to V\, TVjoinability. 
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Definition 5.4 (Si,S2-joinability) 

Let <Si,iS2 be two graph transformation systems. A typed graph G is S\,S2-joinable 
if and only if there are derivations G G\ and G =^s 2 Gi with G\ ~ G2 being 
final with respect to S\ and £2- 

Here ~ denotes traditional graph isomorphism and a graph G is considered final 
with respect to S iff there is no transition G =>s H for any graph H . 

Building on Si, 52-joinability, we now define operational equivalence for graph 
transformation systems with the same intuitive understanding: two operationally 
equivalent GTS should be able to produce the same result graphs up to isomorphism 
given an input graph: 

Definition 5.5 (GTS Operational Equivalence) 

Let 1S1 = (Vi,TG) and 6>2 = (V21TG) be two graph transformation systems. 

Si , £2 are operationally equivalent if and only if for all graphs G typed over TG 
it holds that G is Si, 6>2-joinable. 

Similar to operational equivalence in CHR, where it is futile to directly compare 
programs that use different constraints, Definition |5.5| requires <Si and 1S2 to be 



based on the same type graph TG. With the previous results from (Raiser and 



Friihwirth 2009b I we can directly use CHR's operational equivalence as a sufficient 



criterion for deciding operational equivalence of two GTS: 
Theorem 18 (GTS-CHR Operational Equivalence) 

Let Si , 1S2 be graph transformation systems and V\ , V2 their corresponding GTS- 
CHR programs. Si , S2 are operationally equivalent if Vi , V2 are operationally equiv- 
alent . 

Proof 

Let G be a graph typed over TG. Then the state a = ( chr (ground, G), T, 0) is 
PijT-Vjoinable by Def. |5.1| Therefore, there exist the final states o~i = a 2 with 
a >—>p 1 and a 02- 

By Thm. [5] we know that there exist corresponding derivations G G\ and 
G =>5 2 G2 such that ai is a (/-state based on Gi and 02 is a (/-state based on G2. 

The graphs Gi and G2 are final states w.r.t. Si and £2, and finally, the isomor- 
phism between G\ and G2 is implied by ci = 02 according to Lemma|4] Therefore, 
G is Si, iS2-joinable. □ 

An interesting application of the above theorem is the removal of redundant rules. 



Originally proposed in (Abdennadher and Friihwirth 2003), decidable operational 



equivalence of CHR programs implies a straight-forward redundant rule removal 
algorithm: Remove a single rule from the program, then compare the operational 
equivalence of the program thus created and the original program. If the two pro- 
grams are operationally equivalent the selected rule is shown to be redundant and 
can be removed. 

Clearly, program equivalence in general is undecidable, and hence, we cannot 
expect such an algorithm to correctly identify all redundant rules. Nevertheless, the 
algorithm was applied in CHR research to great success on automatically generated 
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L x y 




• • 

K x y 




R x y 












• x 




R 9y #z 



Fig. 11. Example of a graph transformation system 



programs ( Abdennadher and Sobhi 2007 Raiser 2008). These generations tend to 



create rules which subsume each other, in which case the algorithm works well as 
the following example demonstrates. 

Example 5.1 



Consider the graph transformation system 5i given in Figure 11 It depicts a typical 
case, in that the rule r2 is subsumed by rule rl. While this is easily verified by a 
human reader, Theorem [17] gives us the means for an automated verification. 

In order to verify the redundancy of rule r2, consider a second graph trans- 
formation system 52, which contains only rule rl. Proving that 5i and 52 are 
operationally equivalent then proves the redundancy of rule r2. 

Encoding the graph transformation system 5i from Figure [TT] in CHR results in 
the following two rules: 

rl @ node(N x ,D x ) 1+1 node(N y ,D y ) 1+1 &(E,N x ,N y ) 

node(N x ,D x ) l+J node(N y ,D y ) l+J b(E',N x ,N y ) 



r2 @ node(N x ,D x )Wnode(N y ,Dy)\ijnode(N z ,D z )[t) 
a(E y ,N x ,N y )\±la(E z ,N x ,N z ) 

node(N x ,D x ) l+l node(N y , D y ) l+l node(7V z , D z )l±J 
b(E 1 ,N x ,N y )iSb(E 2 ,N x ,N z ) 

This GTS-CHR program V\ is confluent and terminating and the same holds for 
7-2, which encodes S 2 respectively. Next, we investigate the 'P^TVjoinability of all 
critical states, of which there are two. The critical state derived from rl is clearly 
Pi, T^-joinable, as the same rule can be applied to it in both programs, resulting 
in equivalent final states. 

The critical state derived from rule r2 contains two a-edges, which can be con- 
verted to b-edges either by applying rule r2 or rule rl twice. Therefore, the final 
states in both programs are equivalent again, and hence, the programs are opera- 
tionally equivalent. As a conclusion, S± and 52 are operationally equivalent, which 
in turn proves the redundancy of rule r2. 

In general, Theorem [18| cannot be reversed, i.e. it is only a sufficient, not a neces- 
sary criterion. A counterexample for the reverse direction is given in the following 



example. Notice that it is based on the example used by (Plump 20051 in order to 
demonstrate why the critical pair lemma is not a necessary criterion for confluence. 
This might be seen as an indication that a similar situation exists for GTS program 
equivalence. 
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Example 5.2 

Consider two GTS with the first being the one from Example 4.3 and the second 
GTS is identical to the first except for rule rl, in which the loop for node x is 
removed instead. It is clear, that both programs are terminating, confluent, and 
operationally equivalent. The following two rules are from the corresponding GTS- 
CHR programs V\ and V%: 

rl @ node(N x , D x ) l±J node(iV y , D B )l±l 
&(E X ,N X ,N X )& a(E y ,N y ,N y ) 

node(A^, D x ) U nodc(iV y , D' y ) W &(E X ,N X ,N X ), 
D' y = D y -2 

rV @ node(N x ,D x ) 1+1 node(N v ,D y )\£ 
a,(E x ,N x ,N x )\£ &{E y ,N y ,N y ) 

node(N x ,D' x )\±lnode{N y ,D y ) l±J a,(E y , N y , N y ), 
DL = D. r -2 



We can now investigate the following critical state a according to Theorem 18 
where V = {N x , N y , D x , D y , E x , E y } : 

a = (node {N x ,D W )\H node (N y ,D y ) l±l a,(E x ,N x ,N x ) l±J a,(E y ,N y ,N y ),T ,V) 

The critical state cr is not ■pi,7 , 2-joinable, as there is only one rule applicable in 
each program and the resulting states are not equivalent: 

(node(N x ,D x )Unode(N y ,D y )M&(E x ,N x ,N x ),D' y =D y -2,V)=T 1 

a ^ (node(N x , D' x ) W node(N y , D y ) W a(.E„, 7V y , N y ),D' x = D X -2,Y) = r 2 



6 Related and Future Work 



The relation of CHR to other formalisms has been thoroughly investigated in the 
literature. This includes comparison to logical formalisms (e.g., linear logic (Betz 
and Friihwirth 2005|), term rewriting ((Duck et al. 2006)), Join-Calculus (( 



and Sulzmann 2008)), and Petri nets (Betz 2007). More detained surveys of these 



relations can be found in (Sneyers et al. 20091 and (Friihwirth 2009). 



Lam 



The relation of graph transformation systems to CHR differs from these other 
formalisms, because firstly, it is a graph-based formalism, and secondly, there are 
significant differences in program analysis results. Most importantly, confluence of 



terminating GTS is undecidable ( Plump 2005 ) whereas confluence of terminating 



CHR programs is decidable (Abdennadher et al. 1999). Furthermore, no opera- 



tional equivalence analysis exists for GTS, as opposed to the situation in CHR 



(Abdennadher and Friihwirth 1999). 



The operational equivalence test presented in Section [5] yields a method for re- 



moval of redundant rules, which is remarkable for another reason: In (Kreowski and 



Valiente 2000 1 the notions of redundancy and subsumptions have been introduced 



for GTS, however, the authors only gave the definitions and a sufficient condition 
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for redundancy, but no verification procedure. While the notion of redundancy in 



that paper is slightly different from the one found in (Abdennadher and Friihwirth 



2003), the adaptation of the algorithm to GTS-CHR programs is to the best of our 



knowledge the only available verification procedure for redundant GTS rules. 

Note, that operational equivalence, as defined here, is only one possible notion of 
equivalence between programs. It was used in this work as an example of CHR pro- 
gram analyses applied to embedded graph transformation systems. Another, more 
popular, notion of equivalence of GTS is bisimilarity, introduced in the GTS context 
in ( |Ehrig and Konig 2004[ ) . It has been successfully applied to determine behavioral 
equivalence of graph transformation systems in ( Rangel et al. 2008 ) . While bisimi- 
larity originated from process calculi and is focused on the transitions made during 
computations of a result, operational equivalence on the other hand, only compares 
the final computational results, independently of how they are reached. 

The encoding of GTS in CHR, as presented in Section [3j is based on the double- 
pushout approach for graph transformation systems. A related graph rewriting 
mechanism, the single-pushout approach, was introduced in ( Lowe 1993 ) . Instead 
of demanding two pushouts, as in Figure |4j rewriting is defined there over a cate- 
gory of partial graph morphisms, hence only a single pushout construction is used. 
Intuitively, this results in a different behavior with respect to dangling edges: While 
the double-pushout approach prohibits a rule application in case a dangling edge 
would remain, the single-pushout approach removes all dangling edges instead. In 
( Lowe and Miiller 1993 ) the authors investigate confluence for single-pushout graph 
rewriting. In particular, the critical pair analysis is shown to be only a sufficient 
criterion as well, not a necessary one. 

In this work, we based our encoding on the DPO approach as the non-applicability 
of rules due to the dangling edge condition corresponds nicely to non-applicability 
of corresponding CHR rules. In order to support the approach from (Lowe 1993), 
remaining dangling edges would need to be removed by an additional rule, hence, 
we would lose the one-on-one correspondence of GTS and CHR rules. 

Our encoding further serves as the foundation of the extensible platform for the 
analysis of graph transformation systems using constraint handling rules presented 



in the diploma thesis (Wasserthal 20091. This platform is based on JCHR (Van 



Weert 2008 1 , a Java-based implementation of CHR and the work presented in Sec- 



tion [3] The developed tool presents a graphical view of a GTS which is synchronized 
with the corresponding GTS-CHR program at all times. Furthermore, it provides 
an interface for program analysis plug-ins, which can work directly on the GTS or 
on the GTS-CHR program. 

As this work demonstrated, our embedding leads to cross-fertilizations of CHR 
and GTS research. Future work should therefore concentrate on further comparing 
the different approaches to program analysis. In particular, CHR provides several 



approaches to termination analysis (Friihwirth 2000 Voets et al. 2008 Pilozzi and 



De Schreye 2008 ) that GTS research may profit from. 



Research on GTS contains several extensions for the typed graphs and rules con- 
sidered in this work. One such extension adds attributes (Ehrig et al. 2006) to 
graphs, which can then be modified by rules. We assume that built-in constraints 
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available in CHR could closely correspond to attributes. Another important exten- 
sion, is the addition of negative application conditions (Ehrig et al. 20061, i.e. ap- 
plying a rule requires the absence of certain graph structures. This is more difficult 
to achieve in CHR, as it traditionally has no support for negation as absence. How- 



ever, there exist proposed extensions of CHR with negation as absence (Van Weert 



et al. 2006) and aggregates (Van Weert et al. 2008), which could help in extending 



our encoding to allow application conditions. 

Our work on operational equivalence for graph transformation systems yielded a 
first useable criterion. However, there is lot of remaining work in this field. From 
a decidability point of view, operational equivalence is in a similar situation as 
confluence: (Plump 2005) showed that confluence is undecidable even for terminat- 
ing GTS and we expect a similar result for operational equivalence. Therefore, our 
criterion might only be applicable to a small subset of all GTS. 

Similarly, in CHR research, the operational equivalence result assumes that both 
programs use the same constraint symbols in the same manner. While this restric- 
tion yields a decidable criterion, it also means that it seldomly applies to real- world 
programs. Traditionally, one may be able to manually show operational equivalence 
for two concrete programs by taking into account known restrictions on data struc- 
tures or inputs and ignoring irrelevant states. The same situation was present for 
confluence (e.g., (Friihwirth 2005)) until observable confluence (Duck et al. 2007) 
succeeded in providing an extended approach. 

We plan to develop such an invariant-based approach for operational equivalence 
in CHR as well, which extends Theorem |17| Combined with a better criterion 
for operational equivalence in GTS, including the track morphism similarly to the 
critical pair approach, this might reveal a closer correspondence between operational 
equivalence in both systems. 



7 Conclusion 

We have shown that constraint handling rules (CHR) provides an elegant way 
for embedding graph transformation systems (GTS). The resulting rules are con- 
cise and directly related to the corresponding graph production rules. We proved 
soundness and completeness of this embedding and verified formal properties of 
CHR states that encode graphs. Furthermore, we considered partial graphs and 
showed that the CHR embedding naturally supports these, hence facilitating pro- 
gram analysis. 

Next, we analyzed confluence and showed that observable confluence of a GTS- 
CHR program is a sufficient criterion for confluence of the analyzed GTS. Further- 
more, we transferred the notion of operational equivalence from CHR to GTS and 
discussed the CHR-based decision algorithm for redundant rule removal. 
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